Prof. Zhiqiang Lin
Associate Professor of Computer Science and Engineering
The Ohio State University
Title: Uncovering Server Side Vulnerabilities via Mobile App Analysis
Abstract: Today mobile apps are everywhere. Typically, they have to connect to remote services to be really useful. Unfortunately, both the mobile apps and the remote services can be poorly engineered and they may contain various vulnerabilities that undermine users’ security and privacy. A significant amount of research effort in the community has focused on vetting the vulnerabilities in the mobile apps. However, little attention has been paid to the remote services. In this talk, I will present a line of research that automatically identifies the vulnerabilities of remote services through mobile app analysis. In particular, I will first present AutoForge, which is able to automatically generate server request messages even with cryptographic constraints such that authentication vulnerabilities can be identified. Then, I will describe AuthScope, which identifies the authorization vulnerabilities via differential analysis. Finally, I will talk about LeakScope, which identifies the data leakage vulnerabilities in the cloud from mobile apps. With these tools and techniques, tens of thousands of vulnerabilities in the remote services have been identified, and responsible disclosures have all been made to the service providers.
Bio: Zhiqiang Lin is an Associate Professor of Computer Science at The Ohio State University. His research interests are systems and software security, with an emphasis on developing program analysis techniques and applying them to secure both the application programs including mobile apps and the underlying system software such as OS kernels and hypervisors. He has served on the program committees of systems security venues such as ACM CCS, USENIX Security, and NDSS, and is currently an Associate Editor of IEEE Transactions on Dependable and Secure Computing.
Prof. Robert Deng
Director of the Secure Mobile Centre, School of Information Systems
Singapore Management University
Title: A User Centric Approach to Secure Mobile Systems and Applications
Abstract: Mobile computing has become a fundamental feature in the lives of billions of people, who have developed an unprecedented reliance on mobile systems and applications compared to any previous computing technology. With the trend of bring your own device, smart phones and other portable devices are increasingly used to access and store sensitive corporate information as well. However, not only do mobile systems and applications present a unique set of risks to personal privacy, they also pose new security challenges to enterprise information systems.
This talk will provide an overview of the research projects at the Secure Mobile Centre, Singapore Management University, from techniques for fortifying mobile platforms with a user centric trust anchor, mobile malware analysis, detection and containment, secure and usable user authentication, to scalable and efficient access control of encrypted data in the cloud for mobile users whose devices are constrained in both power and computation capabilities. A common feature of all the projects is their user centric approach, which takes user characteristics into consideration and aims to strike a balance between security and usability.
Bio: Professor Robert Deng is AXA Chair Professor of Cybersecurity and Director of the Secure Mobile Centre, School of Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, cloud security and Internet of Things security. He received the Outstanding University Researcher Award from National University of Singapore, Lee Kuan Yew Fellowship for Research Excellence from SMU, and Asia-Pacific Information Security Leadership Achievements Community Service Star from International Information Systems Security Certification Consortium. He has 26 patents and has published more than 300 papers on cybersecurity. He serves/served on many advisory boards, editorial boards and conference committees. These include the editorial boards of IEEE Security & Privacy Magazine, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Information Forensics and Security, Journal of Computer Science and Technology, and Steering Committee Chair of the ACM Asia Conference on Computer and Communications Security. He is an IEEE Fellow.