Android Security: Attacks and Defenses

Time: September 27, 2013 - 3:15 PM - 3:50 PM

Location: Distributed Education Classroom, #1201, Collaborative Innovation Center (DEC@CIC), Carnegie Mellon University

Description:

Android SecurityINI alumni Anmol Misra (CIT, 2005) and Abhishek Dubey (CIT, 2006) discuss their new comprehensive book, Android Security: Attacks and Defenses, which is about the security challenges facing the Android platform.

The INI will host a book signing and reception at 4:00 p.m. in the CIC Atrium. The talk takes place on campus as a part of the Ceilidh Weekend activities. See the full schedule of Ceilidh events.

Speaker: Anmol Misra and Abhishek Dubey

Talk Abstract:

From Amazon:  Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.

Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission requirements. It also rates the Android permissions based on security implications and covers JEB Decompiler.

The authors describe how to write Android bots in JAVA and how to use reversing tools to decompile any Android application. They also cover the Android file system, including import directories and files, so readers can perform basic forensic analysis on file system and SD cards. The book includes access to a wealth of resources on its website: www.androidinsecurity.com. It explains how to crack SecureApp.apk discussed in the text and also makes the application available on its site.

The book includes coverage of advanced topics such as reverse engineering and forensics, mobile device pen-testing methodology, malware analysis, secure coding, and hardening guidelines for Android. It also explains how to analyze security implications for Android mobile devices/applications and incorporate them into enterprise SDLC processes.

The book’s site includes a resource section where readers can access downloads for applications, tools created by users, and sample applications created by the authors under the Resource section. Readers can easily download the files and use them in conjunction with the text, wherever needed. Visit www.androidinsecurity.com for more information.

Speaker Bio: Anmol Misra is a contributing author of the book Defending the Cloud: Waging War in Cyberspace (Infinity Publishing, December 2011). His expertise includes mobile and application security, vulnerability management, application and infrastructure security assessments, and security code reviews.

He is currently Program Manager of the Critical Business Security External (CBSE) team at Cisco. The CBSE team is part of the Information Security Team (InfoSec) at Cisco and is responsible for the security of Cisco’s Cloud Hosted Services. Prior to joining Cisco, Anmol was a Senior Consultant with Ernst & Young LLP. In his role, he advised Fortune 500 clients on defining and improving Information Security programs and practices. He helped large corporations to reduce IT security risk and achieve regulatory compliance by improving their security posture.

Anmol holds a master’s degree in Information Networking from Carnegie Mellon University. He also holds a Bachelor of Engineering degree in Computer Engineering. He served as Vice President of Alumni Relations for the Bay Area chapter of the Carnegie Mellon Alumni Association.In his free time, Anmol enjoys long walks on the beaches of San Francisco. He is a voracious reader of nonfiction books—especially, history and economics—and is an aspiring photographer.

Abhishek Dubey
has a wide variety of experience in information security, including reverse engineering, malware analysis, and vulnerability detection. He is currently working as a Lead/Senior Engineer of the Security Services and Cloud Operations team at Cisco. Prior to joining Cisco, Abhishek was Senior Researcher in the Advanced Threat Research Group at Webroot Software.

Abhishek holds a master’s degree in Information Security and Technology Management from Carnegie Mellon University and also holds a B.Tech degree in Computer Science and Engineering. He is currently pursuing studies in Strategic Decisions and Risk Management at Stanford University. He has served as Vice President of Operations and Alliances for the Bay Area chapter of the Carnegie Mellon Alumni Association. This alumni chapter is 5,000 students strong. In his free time, Abhishek is an avid distance runner and photographer. He also enjoys rock climbing and being a foodie.