SPICE Speaker Zhiqiang Lin Presents on Discovering Server Side Vulnerabilities via Automated App Analysis


On May 29th, Indiana University's Security & Privacy in Informatics, Computing, and Engineering (SPICE) center hosted Dr. Zhiqiang Lin, as a SPICE Colloquium speaker. Delivering his talk entitled Uncovering Server Side Vulnerabilities via Automated Mobile App Analysis, Lin presented on a method of detecting server-side vulnerabilities in the cloud through automated mobile application analysis.

Using this technique, his research team found tens of thousands of applications whose server-side implementations had a variety of data leakage centering around insecure use of authentication credentials and misconfiguration of the access permissions. All of the free Android applications (about 100,000 as of November 2017) accessing Cloud services from Microsoft, Google, and Amazon were tested and found thousands of vulnerable server-side implementations for these apps. His team’s findings resulted in actionable disclosures and improvements in application documentation and implementation.

Dr. Lin is an Associate Professor of Computer Science at The Ohio State University. His research interests are systems and software security, with an emphasis on developing program analysis techniques and applying them to secure both the application programs, including mobile apps and the underlying system software such as OS kernels and hypervisors. He has published over 70 papers in major computer security venues such as Oakland, CCS, USENIX Security, and NDSS, and has served on the program committees of many of these conferences. Dr. Lin is a recipient of both NSF CAREER award and AFOSR Young Investigator award.

The SPICE Speaker Colloquium series is in its inaugural year and seeks to bring speakers from a variety of backgrounds and research interests in the area of security informatics and cybersecurity.

Dr. Lin's presentation can be viewed here: