Academic Lecture [CDRep: Automatic Repair of Cryptographic Misuses in Android Applications (ASIACCS 2016)]

Views: 325 | Published: 2016-05-30

Time: June 3, 2016, 15:50

Venue: Lecture Hall 507, School of Software, Qishan Campus

Speaker: Siqi MA (马思奇), School of Information System, Singapore Management University, third-year Ph.D. student

Host: School of Software, Fujian Normal University

Speaker bio: MA Siqi is a third-year PhD student in the School of Information System, Singapore Management University. She is advised by Professor Robert H. Deng and Assistant Professor David Lo. From August 2015 to May 2015, she visited the Cyber Security Lab in CMU, advised by Assistant Professor Nicolas Christin. Her research interest is software security, mainly focusing on vulnerability detection and repair.

Abstract: Cryptography is increasingly being used in mobile applications to provide various security services; from user authentication, data privacy, to secure communications. However, there are plenty of mistakes that developers could accidentally make when using cryptography in their mobile apps and such mistakes can lead to a false sense of security. Recent research reports indeed show that a significant portion of mobile apps in both Android and iOS platforms misused cryptographic APIs. In this paper, we present CDRep, a tool for automatically repairing cryptographic misuse defects in Android apps. We classify such defects into seven types and manually assemble the corresponding fix patterns based on the best practices in cryptographic implementations. CDRep consists of two phases, a detection phase which identifies defect locations in a mobile app and a repair phase which repairs the vulnerable app automatically. In our validation, CDRep is able to successfully repair 94.5% of 1,262 vulnerable apps. Furthermore, CDRep is lightweight, the average run-time to generate a patch is merely 19.3 seconds and the size of a repaired app increases by only 0.667% on average.