<blockquote id="jhhlt"><del id="jhhlt"><legend id="jhhlt"></legend></del></blockquote>



                      當前位置:    首頁 > 學術交流 > 學術看板 >    正文
                      Large-scale Third-party Library Detection in Android Markets

                      日期:2019-07-16                   來源:                   作者:               關注:

                      報告題目:Large-scale Third-party Library Detection in Android Markets

                      報告人:Dr. Jian Liu




                      With the thriving of mobile app markets, third-party libraries are pervasively used in Android applications. The libraries provide functionalities such as advertising, location, and social networking services, making app development much more productive. However, the spread of vulnerable and harmful third-party libraries can also hurt the mobile ecosystem, leading to various security problems. Therefore, third-party library identification and vulnerability analysis have emerged as an important problem in Android security field.

                      In this work, we proposed a novel approach, LibD, to identifying third-party Android libraries at a massive scale. Our method uses the internal code dependencies of an app to recognize library candidates and further classify them. Our experiment results show that LibD outperforms existing tools in detecting multi-package third-party libraries with the presence of name-based obfuscation, leading to significantly improved precision without the loss of scalability. In addition, we investigated the possibility of employing effective and scalable library detection to boost the performance of large-scale app analyses in the real world. We show that the technique of LibD can be used to accelerate whole-app Android vulnerability detection and quickly identify variants of vulnerable third-party libraries.

                      Speaker: Dr. Jian Liu


                      Jian Liu received his Ph.D. degree from Institute of Software, Chinese Academy of Sciences. He is now a research professor (doctoral advisor) at Institute of Information Engineering, CAS. He held a visiting professor position in the School of Information Technology and Electrical Engineering, University of Queensland, Australia, in 2010. His current research interests include system and software security, mobile security, web security, program analysis, testing and model checking. Dr. Liu has published several papers in top venues in areas of software engineering and system security, such as TSE, TODAES, ICSE, FSE and Mobisys, etc. He is now a member of IEEE.