BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Memento EPFL// BEGIN:VEVENT SUMMARY:Security vetting Android native libraries DTSTART:20230619T160000 DTEND:20230619T180000 DTSTAMP:20260407T042402Z UID:e42133559abb910802ef529647de58b23cdb01d3f945b3865d9f92c4 CATEGORIES:Conferences - Seminars DESCRIPTION:Philipp Yuxiang Mao\nEDIC candidacy exam\nExam president: Prof . Carmela Troncoso\nThesis advisor: Prof. Mathias Payer\nCo-examiner: Prof . Bryan Ford\n\nAbstract\nSmartphones are ubiquitous in our daily lives an d we rely on their functionality\nand the apps they offer.\nAndroid apps\, generally implemented in Java\, often incorporate native libraries writte n\nin a low-level language such as C/C++.\nThese native libraries are pron e to memory corruption vulnerabilities.\nWhen apps use native libraries to process untrusted data\, these vulnerabilities are\nexposed to attackers\ , creating an attack surface that may be exploited to gain access\nto a vi ctim's phone.\nThis attack surface has so far not been thoroughly studied and warrants in-depth investigation.\nTo understand how common vulnerabili ties in\nnative libraries are\, we propose to use fuzzing to automatically \ndiscover vulnerabilities. Fuzzing is an automated software\ntesting tech nique that involves injecting invalid\, unexpected\, or\nrandom data input s into a program to discover vulnerabilities.\nTo fuzz native libraries we propose Androlib a system that\nautomatically synthesizes fuzz drivers by statically analyzing apps to extract how the libraries are used.\nTo unde rstand the impact of discovered vulnerabilities\, we plan\nto study how th e multi-language setting (interpreted Java\nand native C/C++) of an Androi d app may be leveraged by\nan attacker to circumvent mitigations or create new attack\nprimitives.\n\nBackground papers\n\n FlowDroid: precise conte xt\, flow\, field\, object-sensitive and lifecycle-aware taint analysis fo r Android apps\n NativeGuard: protecting android applications from third-p arty native libraries\n Cross-Language Attacks\n LOCATION:BC 229 https://plan.epfl.ch/?room==BC%20229 STATUS:CONFIRMED END:VEVENT END:VCALENDAR