[Busec] Next Seminar on Monday (7/8) at noon in PHO 339

Ari Trachtenberg trachten at bu.edu
Fri Jul 5 12:46:54 EDT 2013

Our next seminar will be this Monday, July 8 from noon-1pm in PHO 339.

We will have two talks:

1.  Prof. Yuting Zhang will conclude her talk describing her lab's work on
Andrew Security (abstract appended below).

2.  Prof. Ari Trachtenberg will present work from two recent MS projects that
he advised:  (i) Audio Keylogger by Xiaohui Ma - using an Android phone's
microphone to identify keys typed on a keyboard, (ii) Lock cracking - using
magnetic, audio and/or video sensors on a phone to determine the secret
key of a combination lock.

As always, the seminar will be accompanied by a light lunch.

First talk:

Title:  Android Security
Speaker:  Prof. Yuting Zhang


Android as an open platform dominates the booming mobile market. However, the popularity and the open nature also contribute to a sharp increase of security threats and privacy invasions. This talk will give an overview of how our research attempts to enhance Android security through preventing, avoiding, and detecting the threats from multiple different levels. This talk will briefly introduce three of our projects: 1) at the platform level, we propose a Dynamic Role Based Access Control for Android (DR BACA) model and implement the DR BACA system. Our system offers multi-user management on Android mobile devices comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to enhance Android security at both application -and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC to provide more flexible access control while still being able to mitigate some of the most concerning security risks on mobile devices to date. 2) At the application level, we propose a security analysis framework that takes account of a range of vulnerability metrics to provide a unified and quantifiable method to evaluate the security risk level of Android applications. We will show some analysis results of applications in finance and healthcare sectors from Google market. 3) We also propose to build an application development assistant tool to educate the developers best practices and help them to avoid the security exploits. A primitive prototype is built to capture some Android security bugs.

Prof. Ari Trachtenberg            ECE, Boston University
trachten at bu.edu                    http://people.bu.edu/trachten

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20130705/d9bed70a/attachment.html>

More information about the Busec mailing list