Presentation
Time:
Dissertation Defense: Mohannad Alhanahnah
Date:
9:00 am
Avery Hall
Room: 103C
1144 T St
Lincoln NE 68508
Lincoln NE 68508
Additional Info: AVH
Dissertation Defense: Mohannad Alhanahnah
Committee Members: Dr. Hamid Bagheri (Advisor) and Dr. Qiben Yan (Co-Advisor), Dr. ThanhVu Nguyen, Dr. Witawas Srisa-an, and Dr. Hamid Sharif
“Advanced Security Analysis for Emergent Software Platforms”
Abstract: Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. This complexity is driven by the tight integration of many non-traditional actors, which involve platform developers, device vendors, library providers, application developers, application publishers, and end-users. This tight integration creates opportunities as well as unique challenges, as the involving actors in such emergent ecosystems have different capabilities and incentives, whose interactions may expose severe vulnerabilities. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.
This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the focus on detecting vulnerable and unsafe interactions between applications that share common components and devices. Contributions of this work include novel insights and methods for: (1) detecting vulnerable interactions between Android applications that leverage dynamic loading features for concealing the interactions; (2) identifying unsafe interactions between smart home applications by considering physical and cyber channels; (3) detecting malicious IoT applications that are developed to target numerous IoT devices; (4) detecting insecure patterns of emergent security APIs that are reused from open-source software. In all the four research thrusts, we present thorough security analysis and extensive evaluations based on real-world applications. Our results demonstrate that the proposed detection mechanisms can efficiently and effectively detect vulnerabilities in contemporary software platforms.
Committee Members: Dr. Hamid Bagheri (Advisor) and Dr. Qiben Yan (Co-Advisor), Dr. ThanhVu Nguyen, Dr. Witawas Srisa-an, and Dr. Hamid Sharif
“Advanced Security Analysis for Emergent Software Platforms”
Abstract: Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. This complexity is driven by the tight integration of many non-traditional actors, which involve platform developers, device vendors, library providers, application developers, application publishers, and end-users. This tight integration creates opportunities as well as unique challenges, as the involving actors in such emergent ecosystems have different capabilities and incentives, whose interactions may expose severe vulnerabilities. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.
This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the focus on detecting vulnerable and unsafe interactions between applications that share common components and devices. Contributions of this work include novel insights and methods for: (1) detecting vulnerable interactions between Android applications that leverage dynamic loading features for concealing the interactions; (2) identifying unsafe interactions between smart home applications by considering physical and cyber channels; (3) detecting malicious IoT applications that are developed to target numerous IoT devices; (4) detecting insecure patterns of emergent security APIs that are reused from open-source software. In all the four research thrusts, we present thorough security analysis and extensive evaluations based on real-world applications. Our results demonstrate that the proposed detection mechanisms can efficiently and effectively detect vulnerabilities in contemporary software platforms.