Android Security: Attacks, Defenses, and Education

This talk consists of 3 parts: attack, defenses, and education. For the attack part, I will present some of the recent attacks/vulnerabilities that we have identified, including the code injection attacks on the HT-ML5-based apps, the hanging attribute reference vulnerability, and data residue vulnerabilities in Android OS. I will also present our investigation work on understanding how vendor customization can lead to secu-rity problems in Android. For the defense side, we focus on improving the access control systems for the Android operating system. I will present our recent work (called PINPINT) on virtualizing Android’s system resources. For the education part, we have developed many hands-on lab exercises for security education,

including two labs on Android security. I will give a high-level overview about these lab exercises.

Kevin Du, Ph.D.Professor of Electrical Engineering

and Computer ScienceSyracuse University

Fall 2016 Seminar Series

Thursday,November 10

Coffee with students: 10:30 a.m. Howell Hall Atrium

Reception:3:00 p.m. HOH 208

Seminar:4:00 p.m. HOH 201