Computer Science Seminars: every Thursday at 14.30 at DIBRIS. The Computer Science seminars will be given by PhD students and faculty, in the DIBRIS Conference Hall.
The talks will be recorded and they will be available online at the YouTube channel Unige-DIBRIS. If you don't want to miss anything, add the seminars to your calendar following this link.
Date: Thursday, 14th November 2019
Location: Dibris, Valletta Puggia, Conference Hall (322)
Title: Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps
Frame Confusion is a vulnerability affecting hybrid applications which
allows circumventing the isolation granted by the Same-Origin Policy. The detection
of such a vulnerability is still carried out manually by application developers,
but the process is error-prone and often underestimated. In this talk, I propose
a sound and complete methodology to detect Frame Confusion on Android
as well as a publicly-released tool (i.e., FCDroid) which implements such a
methodology and allows detecting Frame Confusion in hybrid applications
automatically. I also discuss an empirical assessment carried out on a set of
50K applications using FCDroid, which revealed that a lot of hybrid applications
suffer from Frame Confusion. Finally, I show how to exploit Frame Confusion
on a news application to steal the user’s credentials.
Davide Caputo is a first-year PhD student in Computer Science. He obtained both his BSc and MSc in Computer Engineering at the University of Genoa and he is now working under the supervision of Alessio Merlo. His research topic focuses on Mobile Security, in particular on the security of Hybrid Applications.
Hoping to see you there!
Information and contacts
- DIBRIS Conference Hall, Via Dodecaneso 35, every Thursday at 14.30