Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, November 20 • 1:00pm - 1:50pm
A Framework for Android Security through Automation in Virtual Environments

Sign up or log in to save this to your schedule and see who's attending!


This session introduces a practical approach to securing Android applications through an automated framework. The framework uses a simple interface and automatically evaluates applications - even hundreds of them - harvesting behavioral data and run patterns, facilitating the vast majority of evolving security tests. Citing research from using this framework, this session will also answer some of today’s most pressing android security questions.
This presentation will address the limitations of real time security and fragmented security models for security evaluations of Android applications, and will demonstrate how to resolve this using an automated virtual environment that analyzes behavior of Android apps while providing a layer of transparency between Android apps and Android users.

Then it will present how I built an open source framework - the Android Security Evaluation Framework (ASEF) to help resolve security needs of a larger spectrum of Android users including researchers and developers. I will explain how to perform security evaluations on a bigger scale for app stores and large organizations by demonstrating scheduled automatic security evaluations that can be done remotely from an android device using ASEF and its agent.

Citing results from using ASEF, I will also recommend safe practices to follow by being proactive about security measures before installing an app, as well as tips for effective security management after android apps are installed. I will also discuss the importance of Behavioral Analysis and Vulnerability Management of android devices along with idea of integrating security tests in the plug and play framework of ASEF.
           Lastly, I will discuss the future of Android security through the eyes of automation and what tactics can be used to achieve conclusive and comprehensive coverage of upcoming Android security needs.


Speakers
avatar for Parth Patel

Parth Patel

Backend Developer / Security Engineer, Qualys
I find a programmatic way to replace myself at work and when I do, I explore new challenges to work on.  | | Android Security is my most recent interest. Please visit my Open Source Project at (http://code.google.com/p/asef/) | | I have presented my research work at Security Conferences like Sector 2012 (Toronto), BSides 2012 (Vegas, Dallas, Detroit) & S4 Con (San Francisco). | | I aspire to create a largest database of behavioral... Read More →


Wednesday November 20, 2013 1:00pm - 1:50pm
Belasco & Broadhurst (5th Floor) NY Marriott Marquis