Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations

This paper is to appear at the 22nd ACM Conference on Computer and Communications Security 2015 (CCS), authored by Yangyi Chen, Tongxin Li, XiaoFeng Wang, Kai Chen and Xinhui Han.

Abstract

In this paper, we report the first large-scale, systematic study on the security qualities of emerging push-messaging services, focusing on their app-side service integrations. We identified a set of security properties different push-messaging services (e.g., Google Cloud Messaging) need to have, and automatically verified them in different integrations using a new technique, called Seminal.…

Read More

Unauthorized Cross-App Resource Access on Mac OS X and iOS

This paper is to appear at the 22nd ACM Conference on Computer and Communications Security 2015 (CCS), authored by Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-min Hu, Xinhui Han.

XARA Vulnerabilities on Mac OS X and iOS

On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs.…

Read More