IEEE OC CyberSecurity Monthly (Mar 22, 2017) Technical Talk

Share

PLEASE REGISTER EARLY.

The room capacity is 50. Most of our sessions continue to fill up!

Also, helps us to order sufficent food.


DELDroid: An Automated System for Determination and Enforcement of Least Privilege Architecture in Android

Modern mobile platforms rely on a permission model to guard the system’s resources and apps. In Android, since the permissions are granted at the granularity of apps, and all components belonging to an app inherit those permissions, an app’s components are typically overprivileged, i.e., components are granted more privileges than they need to complete their tasks. Systematic violation of least-privilege principle in Android has shown to be the root cause of many security vulnerabilities.

To mitigate this issue, we have developed DELDROID, an automated system for determination of least privilege architecture in Android and its enforcement at runtime. A key contribution of our approach is the ability to limit the privileges granted to apps without the need to modify them. DELDROID utilizes static program analysis techniques to extract the exact privileges each component needs for providing its functionality. A Multiple-Domain Matrix representation of the system’s architecture is then used to automatically analyze the security posture of the system and derive its least-privilege architecture. Our experiments on hundreds of real-world apps corroborate DELDROID’s ability in effectively establishing the least-privilege architecture and its benefits in alleviating the security threats.



  Date and Time

  Location

  Contact

  Registration



  • 15445 Landsdowne Road
  • Tustin, California
  • United States 92782
  • Building: ATEP-IVC
  • Room Number: D106
  • Click here for Map

Staticmap?size=250x200&sensor=false&zoom=14&markers=33.7166054%2c 117
  • Parking is free BUT a parking pass is required. The parking pass will be available at the venue.

    Parking pass is also available @ http://sites.ieee.org/ocs-cssig/files/2017/01/ParkingPass.pdf

     Food and beverage at this event is free and is sponsored by CyberSecurity SIG.

  • Co-sponsored by IEEE OC Computer Society
  • Starts 12 March 2017 12:00 AM
  • Ends 22 March 2017 02:00 PM
  • All times are US/Pacific
  • No Admission Charge
  • Register


  Speakers

Mahmoud M. Hammad of University of California, Irvine

Topic:

DELDroid: An Automated System for Determination and Enforcement of Least Privilege Architecture in Android

Biography:

Mahmoud Hammad is a Software Engineering PhD student in the Informatics Department within the School of Information and Computer Science at the University of California, Irvine. He is also a member of the Institute for Software Research and a researcher at the Software Engineering and Analysis Laboratory (SEAL) led by his advisor Dr. Sam Malek.

Mahmoud’s general research interests are in the field of software engineering and his main focus in the area of software architecture and Android mobile security. Mahmoud received his M.S. degree in software engineering with an outstanding achievement award from George Mason University (2013). After he finished his B.S. in Computer Science (2005), he worked as Oracle database application developer for six years followed by two years as mobile software developers.

Email:

Address:Irvine, California, United States





Agenda

6:30 – 7:00 PM   Networking + Dinner
7:00 – 8:00 PM   Presentation
8:00 – 8:30 PM   Q&A
8:30 – 9:00 PM   More Networking
     


Parking pass is available @ http://sites.ieee.org/ocs-cssig/files/2017/01/ParkingPass.pdf