                      Large-scale Third-party Library Detection in Android Markets

                      Speaker: Dr. Jian Liu




                      With the thriving of mobile app markets, third-party libraries are pervasively used in Android applications. These libraries provide functionality such as advertising, location, and social networking services, making app development much more productive. However, the spread of vulnerable and harmful third-party libraries can also hurt the mobile ecosystem, leading to various security problems. Third-party library identification and vulnerability analysis have therefore emerged as an important problem in the Android security field.

                      In this work, we propose LibD, a novel approach to identifying third-party Android libraries at a massive scale. Our method uses an app's internal code dependencies to recognize library candidates and then classify them. Our experimental results show that LibD outperforms existing tools in detecting multi-package third-party libraries in the presence of name-based obfuscation, with significantly improved precision and no loss of scalability. In addition, we investigate the possibility of employing effective and scalable library detection to boost the performance of large-scale app analyses in the real world. We show that LibD's technique can be used to accelerate whole-app Android vulnerability detection and to quickly identify variants of vulnerable third-party libraries.
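                      The two ideas the abstract names, grouping packages into library candidates by the app's internal code dependencies and then classifying the candidates in a way that survives identifier renaming, sketched below as an added Python example. This is not LibD's implementation or its feature set; the app package name, the class-reference table, the ProGuard-style rename map, the reference database and the degree-based signature are all constructed here for illustration.

```python
"""Illustrative sketch (not LibD's code) of dependency-based library
candidate grouping and name-independent classification for an Android app.
All class names, references and the rename map are constructed."""
import hashlib
from collections import defaultdict

# Constructed app: declared package (from the manifest) and cross-class
# references (caller class, callee class), as one might recover from dex.
APP_PACKAGE = "com.example.app"
APP_REFS = [
    ("com.example.app.MainActivity", "com.example.app.Util"),
    ("com.example.app.MainActivity", "com.adnet.sdk.AdView"),
    ("com.adnet.sdk.AdView", "com.adnet.sdk.net.Loader"),
    ("com.adnet.sdk.net.Loader", "com.adnet.sdk.net.Cache"),
    ("com.adnet.sdk.net.Cache", "com.adnet.sdk.util.Log"),
    ("com.adnet.sdk.AdView", "com.adnet.sdk.util.Log"),
    ("com.example.app.Util", "com.geo.lib.Locator"),
    ("com.geo.lib.Locator", "com.geo.lib.Provider"),
]

def package_of(cls):
    return cls.rsplit(".", 1)[0]

def is_app_code(pkg, app_package):
    return pkg == app_package or pkg.startswith(app_package + ".")

class DisjointSet:
    """Minimal union-find over package names."""
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def library_candidates(refs, app_package):
    """Group non-app packages into candidates: two packages land in the same
    candidate when a class in one references a class in the other. Edges that
    touch the app's own packages are entry points or callbacks, not glue, so
    they never merge a library with the host app or with another library."""
    ds = DisjointSet()
    for caller, callee in refs:
        pc, pe = package_of(caller), package_of(callee)
        if is_app_code(pc, app_package) or is_app_code(pe, app_package):
            # register the library side so isolated packages still appear
            for p in (pc, pe):
                if not is_app_code(p, app_package):
                    ds.find(p)
            continue
        ds.union(pc, pe)
    groups = defaultdict(set)
    for p in list(ds.parent):
        groups[ds.find(p)].add(p)
    return [frozenset(g) for g in groups.values()]

def structural_signature(candidate, refs):
    """Name-independent fingerprint: for each class in the candidate, count
    references to and from other classes of the same candidate, then hash the
    sorted multiset of (out_degree, in_degree) pairs. Renaming classes or
    packages leaves the counts, and therefore the hash, unchanged."""
    classes, out_deg, in_deg = set(), defaultdict(int), defaultdict(int)
    for caller, callee in refs:
        c_in = package_of(caller) in candidate
        e_in = package_of(callee) in candidate
        if c_in:
            classes.add(caller)
        if e_in:
            classes.add(callee)
        if c_in and e_in:
            out_deg[caller] += 1
            in_deg[callee] += 1
    profile = sorted((out_deg[c], in_deg[c]) for c in classes)
    return hashlib.sha256(repr(profile).encode()).hexdigest()

def detect_libraries(refs, app_package, known):
    """Map each candidate (a frozenset of packages) to the library name whose
    signature matches in the reference database, or None if unknown."""
    return {c: known.get(structural_signature(c, refs))
            for c in library_candidates(refs, app_package)}

# Constructed reference database built from an unobfuscated copy of each lib.
KNOWN = {
    structural_signature(frozenset({"com.adnet.sdk", "com.adnet.sdk.net",
                                    "com.adnet.sdk.util"}), APP_REFS): "adnet-sdk",
    structural_signature(frozenset({"com.geo.lib"}), APP_REFS): "geo-lib",
}

# Constructed ProGuard-style rename map; the app's own classes are left
# unrenamed here only to keep the example short.
OBFUSCATION_MAP = {
    "com.adnet.sdk.AdView": "a.a.a", "com.adnet.sdk.net.Loader": "a.a.b.a",
    "com.adnet.sdk.net.Cache": "a.a.b.b", "com.adnet.sdk.util.Log": "a.a.c.a",
    "com.geo.lib.Locator": "b.a.a", "com.geo.lib.Provider": "b.a.b",
}

def rename(refs, mapping):
    return [(mapping.get(a, a), mapping.get(b, b)) for a, b in refs]

OBF_REFS = rename(APP_REFS, OBFUSCATION_MAP)

if __name__ == "__main__":
    for cand, name in detect_libraries(OBF_REFS, APP_PACKAGE, KNOWN).items():
        print(sorted(cand), "->", name)
```

                      The multi-package ad library (three packages held together only by their mutual references) is recovered as one candidate before and after renaming, and the degree profile matches it to the database. The signature here is deliberately crude: a degree multiset collides easily and says nothing about method bodies, and any obfuscation that changes package boundaries (ProGuard's repackaging options, for instance) changes what the grouping step sees. The features LibD actually uses are in the paper, not in this sketch.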

                      Jian Liu received his Ph.D. degree from the Institute of Software, Chinese Academy of Sciences. He is now a research professor (doctoral advisor) at the Institute of Information Engineering, CAS. He held a visiting professor position in the School of Information Technology and Electrical Engineering, University of Queensland, Australia, in 2010. His current research interests include system and software security, mobile security, web security, program analysis, testing and model checking. Dr. Liu has published several papers in top venues in software engineering and system security, such as TSE, TODAES, ICSE, FSE and MobiSys. He is a member of the IEEE.