Talk title: Large-Scale Detection and Analysis of Third-party Library in Android Applications
Abstract: With the thriving of mobile app markets, third-party libraries are pervasively used in Android applications. The libraries provide functionality such as advertising, location, and social networking services, making app development much more productive. However, the spread of vulnerable and harmful third-party libraries can also hurt the mobile ecosystem, leading to various security problems. Therefore, third-party library identification has emerged as an important problem and the basis of many security applications such as repackaging detection, vulnerability identification, and malware analysis.
In this work, we will introduce our Android third-party library analysis tool called LibD. LibD is a cutting-edge static analysis engine, which uses the internal code dependencies of an app to detect and classify library candidates. With a fine-grained feature hashing strategy, it can better handle code whose package and method names are obfuscated. Our experimental results on 1,427,395 apps show that, compared to existing tools, LibD can better handle multi-package third-party libraries in the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability. Moreover, we show that the technique of LibD can also be used to speed up whole-app Android vulnerability detection and quickly identify variants of vulnerable third-party libraries.
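To make the "fine-grained feature hashing" idea concrete, here is an added illustrative example (not LibD's code and not the speaker's data). It models classes as maps from method name to a Dalvik-style opcode sequence, hashes only the opcode sequence of each method (so renamed packages, classes and methods do not change the feature), fingerprints a library candidate as the set of its method features, and compares candidates against a small library database with Jaccard similarity. The SDK ("ExampleAdSDK"), the obfuscated app and the threshold are all constructed; candidate construction is simplified to grouping by package path, whereas LibD also uses internal code dependencies.

```python
import hashlib
from collections import defaultdict

# Constructed toy library "ExampleAdSDK": class path -> method name -> opcode list.
# This is hypothetical sample data, not a real SDK.
LIB_ADSDK = {
    "com/example/ads/AdView": {
        "load": ["invoke-direct", "move-result-object", "invoke-virtual", "return-void"],
        "show": ["iget-object", "invoke-virtual", "return-void"],
        "hide": ["iget-object", "const/4", "invoke-virtual", "return-void"],
    },
    "com/example/ads/AdLoader": {
        "fetch": ["new-instance", "invoke-direct", "invoke-virtual", "move-result", "return-object"],
        "parse": ["invoke-static", "move-result-object", "check-cast", "return-object"],
    },
}
LIB_DB = {"ExampleAdSDK": LIB_ADSDK}

# Constructed app: the SDK under ProGuard-style names (a/a/*), a variant of it with
# one method body changed (b/b/*), and the app's own unrelated code (com/myapp/*).
OBFUSCATED_APP = {
    "a/a/a": {
        "a": ["invoke-direct", "move-result-object", "invoke-virtual", "return-void"],
        "b": ["iget-object", "invoke-virtual", "return-void"],
        "c": ["iget-object", "const/4", "invoke-virtual", "return-void"],
    },
    "a/a/b": {
        "a": ["new-instance", "invoke-direct", "invoke-virtual", "move-result", "return-object"],
        "b": ["invoke-static", "move-result-object", "check-cast", "return-object"],
    },
    "b/b/a": {
        "a": ["invoke-direct", "move-result-object", "invoke-virtual", "return-void"],
        "b": ["iget-object", "invoke-virtual", "return-void"],
        "c": ["iget-object", "const/4", "invoke-virtual", "return-void"],
    },
    "b/b/b": {
        "a": ["new-instance", "invoke-direct", "invoke-virtual", "move-result", "return-object"],
        "b": ["invoke-static", "move-result-object", "return-object"],  # changed body
    },
    "com/myapp/Main": {"onCreate": ["invoke-super", "invoke-static", "return-void"]},
    "com/myapp/Util": {"fmt": ["invoke-virtual", "move-result-object", "return-object"]},
}


def method_feature(opcodes):
    """Hash only the opcode sequence; names and constants are excluded on purpose,
    so identifier renaming (the usual name-based obfuscation) leaves it unchanged."""
    return hashlib.sha256("|".join(opcodes).encode()).hexdigest()[:16]


def class_features(methods):
    return frozenset(method_feature(ops) for ops in methods.values())


def package_fingerprint(classes):
    """Fine-grained fingerprint: the set of all method-level features in the candidate."""
    feats = set()
    for methods in classes.values():
        feats |= class_features(methods)
    return frozenset(feats)


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0


def group_candidates(app_classes):
    """Toy candidate construction: group classes by their package path."""
    cands = defaultdict(dict)
    for cls, methods in app_classes.items():
        cands[cls.rsplit("/", 1)[0]][cls] = methods
    return dict(cands)


def name_overlap(lib_classes, cand_classes):
    """What a purely name-based matcher can see: shared class names."""
    return len(set(lib_classes) & set(cand_classes))


def detect_libraries(app_classes, lib_db, threshold=0.6):
    """Return (candidate package, library name, similarity) for every candidate
    whose feature fingerprint is at least `threshold` similar to a known library."""
    lib_fps = {name: package_fingerprint(c) for name, c in lib_db.items()}
    hits = []
    for pkg, classes in group_candidates(app_classes).items():
        fp = package_fingerprint(classes)
        for name, lib_fp in lib_fps.items():
            score = jaccard(fp, lib_fp)
            if score >= threshold:
                hits.append((pkg, name, round(score, 3)))
    return sorted(hits)


if __name__ == "__main__":
    cands = group_candidates(OBFUSCATED_APP)
    print("name-based overlap for a/a:", name_overlap(LIB_ADSDK, cands["a/a"]))
    for hit in detect_libraries(OBFUSCATED_APP, LIB_DB):
        print("feature-hash match:", hit)
```

The renamed copy under a/a scores 1.0 although it shares no class or method name with the library, the variant under b/b is still recognised with a lower score (which is what makes tracking variants of a vulnerable library practical), and the app's own package is not reported. In a real tool the opcode-only feature is a trade-off: it survives renaming, but it also makes two methods with identical bodies indistinguishable, so library-level matching has to combine many method features rather than rely on any single one.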
Speaker bio: Liu Jian (刘剑) is an Associate Professor and PhD supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. He received his PhD from the Institute of Software, Chinese Academy of Sciences in 2005, and was a senior visiting scholar at the University of Queensland, Australia, in 2010. His research focuses on software and system security, mobile security, Web security, software analysis and security testing. He currently leads 2 national-level projects and participates as a core member in projects including key projects of the National Natural Science Foundation of China, the National Science and Technology Major Project "核高基" (core electronic devices, high-end general chips and basic software), and the Chinese Academy of Sciences Knowledge Innovation Program. He has published more than 30 papers in domestic and international conferences and journals, including top international venues such as IEEE TSE, ACM TODAES, ICSE, FSE, MobiSys and ICST.