BEGIN:VCALENDAR VERSION:2.0 PRODID:IEEE vTools.Events//EN CALSCALE:GREGORIAN BEGIN:VTIMEZONE TZID:US/Pacific BEGIN:DAYLIGHT DTSTART:20170312T030000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:PDT END:DAYLIGHT BEGIN:STANDARD DTSTART:20171105T010000 TZOFFSETFROM:-0700 TZOFFSETTO:-0800 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:PST END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20180129T052245Z UID:87D9B369-0698-11E7-A7C6-0050568D7F66 DTSTART;TZID=US/Pacific:20170322T183000 DTEND;TZID=US/Pacific:20170322T210000 DESCRIPTION:DELDroid: An Automated System for Determination and Enforcement of Least Privilege Architecture in Android\n\nModern mobile platforms rel y on a permission model to guard the system’s resources and apps. In And roid\, since the permissions are granted at the granularity of apps\, and all components belonging to an app inherit those permissions\, an app’s components are typically overprivileged\, i.e.\, components are granted mo re privileges than they need to complete their tasks. Systematic violation of least-privilege principle in Android has shown to be the root cause of many security vulnerabilities.\n\nTo mitigate this issue\, we have develo ped DELDROID\, an automated system for determination of least privilege ar chitecture in Android and its enforcement at runtime. A key contribution o f our approach is the ability to limit the privileges granted to apps with out the need to modify them. DELDROID utilizes static program analysis tec hniques to extract the exact privileges each component needs for providing its functionality. A Multiple-Domain Matrix representation of the system ’s architecture is then used to automatically analyze the security postu re of the system and derive its least-privilege architecture. Our experime nts on hundreds of real-world apps corroborate DELDROID’s ability in eff ectively establishing the least-privilege architecture and its benefits in alleviating the security threats.\n\nCo-sponsored by: IEEE OC Computer So ciety\n\nSpeaker(s): Mahmoud M. Hammad\, \n\nAgenda: \n6:30 – 7:00 PM N etworking + Dinner\n7:00 – 8:00 PM Presentation\n8:00 – 8:30 PM Q&A\ n8:30 – 9:00 PM More Networking\n\nRoom: D106\, Bldg: ATEP-IVC\, 15445 Landsdowne Road\, Tustin\, California\, United States\, 92782 LOCATION:Room: D106\, Bldg: ATEP-IVC\, 15445 Landsdowne Road\, Tustin\, Cal ifornia\, United States\, 92782 ORGANIZER:ieeeoccyber@gmail.com SEQUENCE:3 SUMMARY:IEEE OC CyberSecurity Monthly (Mar 22\, 2017) Technical Talk URL;VALUE=URI:https://events.vtools.ieee.org/m/44411 X-ALT-DESC:Description: <br /><p><span style="font-size: 18pt\; text-decora tion: underline\;"><strong>DELDroid: An Automated System for Determination and Enforcement of Least Privilege Architecture in Android<br /><br /></s trong></span></p>\n<p><span style="font-size: 14pt\;">Modern mobile platfo rms rely on a permission model to guard the system&rsquo\;s resources and apps. In Android\, since the permissions are granted at the granularity of apps\, and all components belonging to an app inherit those permissions\, an app&rsquo\;s components are typically overprivileged\, i.e.\, componen ts are granted more privileges than they need to complete their tasks. </s pan><span style="font-size: 14pt\;">Systematic violation of least-privileg e principle in Android has shown to be the root cause of many security vul nerabilities. </span></p>\n<p><span style="font-size: 14pt\;">To mitigate this issue\, we have developed DELDROID\, an automated system for determin ation of least privilege architecture in Android and its enforcement at ru ntime. A key contribution of our approach is the ability to limit the priv ileges granted to apps without the need to modify them. DELDROID utilizes static program analysis techniques to extract the exact privileges each co mponent needs for providing its functionality. A Multiple-Domain Matrix re presentation of the system&rsquo\;s architecture is then used to automatic ally analyze the security posture of the system and derive its least-privi lege architecture. Our experiments on hundreds of real-world apps corrobor ate DELDROID&rsquo\;s ability in effectively establishing the least-privil ege architecture and its benefits in alleviating the security threats.</sp an></p><br /><br />Agenda: <br /><table style="height: 168px\;" border="0" width="246">\n<tbody>\n<tr>\n<td>6:30 &ndash\; 7:00 PM</td>\n<td>&nbsp\;< /td>\n<td>Networking + Dinner</td>\n</tr>\n<tr>\n<td>7:00 &ndash\; 8:00 PM </td>\n<td>&nbsp\;</td>\n<td>Presentation</td>\n</tr>\n<tr>\n<td>8:00 &nda sh\; 8:30 PM</td>\n<td>&nbsp\;</td>\n<td>Q&amp\;A</td>\n</tr>\n<tr>\n<td>8 :30 &ndash\; 9:00 PM</td>\n<td>&nbsp\;</td>\n<td>More Networking</td>\n</t r>\n<tr>\n<td>&nbsp\;</td>\n<td>&nbsp\;</td>\n<td>&nbsp\;</td>\n</tr>\n</t body>\n</table> END:VEVENT END:VCALENDAR