9th Information Security Practice & Experience Conference   

12-14 May 2013, Lanzhou, China   


Android vs iOS: A Comparison of Mobile Application Security

     Smartphones become more and more popular. Android and iOS are two dominant mobile operating systems on the market. An interesting question is which one is more secure. We made a comparison by investigating applications that run on both Android and iOS and examining the difference in the usage of their security sensitive APIs (SS-APIs). We developed static analysis tools to perform massive static analysis for cross-platform applications on their SS-API usage. Our analysis showed that applications on iOS tend to use more SS-APIs compared to their counterparts on Android, and are more likely to access sensitive resources that may cause privacy breaches or security risks without being noticed.

     Jianying Zhou is a senior scientist at Institute for Infocomm Research. He received PhD in Information Security from University of London. His research interests are in computer and network security, mobile and wireless communications security. He is a founder and steering committee member of International Conference on Applied Cryptography and Network Security (ACNS).

Privacy Preserving Public Auditing for Group Shared Data in the Cloud

     By enjoying data storage and sharing services in the cloud, users are able to share data as a group. As a member of the group, a user not only has the right to access these shared data, but also have the right to modify shared data in the cloud. Although the cloud makes data sharing among users more easily than ever, due to the existence of failures in the cloud, users still have a huge concern with the security of their data, especially with data integrity. To help users protect the integrity of data stored in the cloud, several mechanismshave been proposed. In these mechanisms, a third-party auditor (TPA) is able to ef?ciently audit the integrity of data without retrieving the entire data from the cloud. During the auditing on the integrity of shared data, preserving identity privacy from the TPA is believed as a fundamental issue. In this talk, we will address several mechanisms which are able to preserve identity privacy for a group of users from the TPA when auditing the integrity of shared data in the cloud. What’s more, we will discuss the mechanism for shared data supporting groups with dynamic (new usersjoin the group and misbehaved users leave the group), which we believe is one of the most signi?cant features that a group should never miss.

     Hui Li, received B.Sc. degree from Fudan University in 1990, M.Sc. and Ph.D. degrees from Xidian University in 1993 and 1998. In 2009, he was with Department of ECE, University of Waterloo as a visiting scholar. Since 2005, he has been the professor in the school of Telecommunications Engineering, Xidian University, China. He is council member of CACR, member of Information Theory Experts Association of CIE, member of Communication Security Expert Association of CIC, member of Cryptography ChipExperts Associationof CACR. His research interests are in the areas of cryptography, cloud computing security, wireless network security, information theory and network coding. He served as TPC co-chair of ISPEC 2009 and IAS 2009, General co-chair of E-Forensic 2010, ProvSec 2011 and ISC 2011.