各部门、各单位:
应我校计算机学院邀请,中国科学院信息工程研究所刘剑副研究员将于9月5日来我校做软件测试主题学术报告,欢迎广大师生参加!具体安排如下:
报告时间:2018年9月5日(星期三)19:00—21:00
报告地点:东区逸夫教学楼FF227室
报告题目:Large-ScaleDetection and Analysis of Third-party Library in Android Applications
摘要:With the thrivingof mobile app markets, third-party libraries are pervasively used in Androidapplications. The libraries provide functionality such as advertising,location, and social networking services, making app development much moreproductive. However, the spread of vulnerable and harmful third-party librariescan also hurt the mobile ecosystem, leading to various security problems.Therefore, third-party library identification has emerged as an importantproblem and the basis of many security applications such as repackagingdetection, vulnerability identification, and malware analysis.
In this work, we will introduce ourAndroid third-party libraries analysis tool called LibD. LibD is a cuttingstatic analysis engine, which uses the internal code dependencies of an app todetect and classify library candidates. With a fine-grained feature hashingstrategy, it can better handle code whose package and method names areobfuscated. Our experimental results on 1,427,395 apps show that compared toexisting tools, LibD can better handle multi-package third-party libraries inthe presence of name-based obfuscation, leading to significantly improvedprecision without the loss of scalability. Moreover, we show that the techniqueof LibD can also be used to speed up whole-app Android vulnerability detectionand quickly identify variants of vulnerable third-party libraries.
报告人简介:刘剑,中国科学院信息工程研究所副研究员、博士生导师。2005年获在中国科学院软件研究所获博士学位,2010在澳大利亚昆士兰大学做高级访问学者。主要从事软件与系统安全、移动安全、Web安全、软件分析及安全测试等研究。现主持国家级项目2项,作为课题骨干参加国家自然科学基金重点项目、国家科技重大专项“核高基”项目、中国科学院知识创新工程等项目的研究工作。迄今在国内外学术会议和期刊发表30余篇学术论文,包括IEEE TSE、ACMTODAES、ICSE、FSE、Mobisys、ICST等顶级国际会议和期刊。
特此通知。
科研处
计算机学院
2018年9月4日