[PAST EVENT] Colloquium: Analysis of Access Control Enforcement in Android

September 27, 2019
3pm - 4pm
Location
McGlothlin-Street Hall, Room 020
251 Jamestown Rd
Williamsburg, VA 23185
Access & Features
  • Open to the public

Colloquium Speaker: Prof. William Enck from the Department of Computer Science at the North Carolina State University

Abstract:

Over the past decade, the security of the Android platform has undergone significant scrutiny from both academic and industrial researchers. A key take-away from this literature is that Android's app-centric access control framework represents a distinct and positive change from traditional computing platforms. However, most prior work has been directed towards third-party applications. In contrast, there has been limited investigation of the correctness of Android's access control enforcement, which is scattered throughout the middleware implementation. In this talk, I will present our recent work building a static program analysis framework for the Android middleware. I will discuss how we have applied our ACMiner and ARF analysis tools to multiple versions of the Android Open Source Project (AOSP) and discovered tens of vulnerabilities, several of which have resulted in bug bounties and CVEs. In doing so, I will describe how the transition to an app-centric security model complicates the design of OS access control and the need for automated and semi-automated techniques to evaluate its correctness.

Speaker Bio: William Enck is an Associate Professor in the Department of Computer Science at the North Carolina State University where he is co-director of the Secure Computing Institute (SCI) and director of the Wolfpack Security and Privacy Research (WSPR) laboratory. Prof. Enck’s research interests span the broad area of systems security, with a focus on access control in emerging and complex systems such as those found in mobile platforms, Internet of Things (IoT), networks, and cloud infrastructure. In particular, his work in mobile application security has led to significant consumer awareness and changes to platforms. Prof. Enck was awarded the National Science Foundation CAREER Award and regularly serves on program committees for top conferences in security such as USENIX Security, IEEE Security and Privacy, ACM CCS, and NDSS. He is serving as department editor for IEEE Security and Privacy Magazine, as associate editor for ACM TOIT, and on the steering committees of the USENIX Security Symposium and ACM WiSec. He was program co-chair of USENIX Security 2018 and ACM WiSec 2016. Prior to joining NC State, Prof. Enck earned his Ph.D., M.S., and B.S. in Computer Science and Engineering from the Pennsylvania State University in 2011, 2006, and 2004, respectively. Prof. Enck is a member of the ACM, IEEE, ISSA, and USENIX.