Android has become a ubiquitous platform for running mobile apps, granting different actors access to vast amounts of private data. The growing complexity of the Android ecosystem introduces significant security challenges. In this talk, we will explore multiple layers of Android security: examining the foundational virtualization layers, stress-testing trusted applications, and assessing the impact of recent user-space mitigations. Through the lens of system security, we uncover vulnerabilities even in the most trusted layers. Trusted applications are susceptible to type confusion, while regular apps may face risks such as heap corruption attacks. Join us on this journey to enhance mobile ecosystem security through fuzzing, improved standards, and safer defaults.
Talk
(KEYNOTE) Advanced Android Archaeology: Baffled By Bloated Complexity
March 13, 09:00 (CAMPUS)
Speaker
Mathias Payer
Mathias Payer is an associate professor at EPFL, leading the HexHive group. His research centers on strengthening software and system security in the presence of vulnerabilities.
His broader interests include fuzzing and sanitization to uncover and address flaws, developing effective mitigations to protect against the exploitation of unknown or unpatched bugs, and employing fault isolation to enforce privilege separation. Mathias joined EPFL in 2018 where he founded the Polygl0ts CTF team.
Previously, he was an assistant professor at Purdue University, a PostDoc at UC Berkeley, and a PhD student at ETH Zurich.
