Vote for this team on Twitter before April 12 at 6 p.m., using the hashtag #cyberfinaleteam1. Votes count toward the $2,000 "People's Choice" award.
Ashish Bijlani, Ruian Duan, and Meng Xu
School of Computer Science
In order to reduce time to market, mobile app developers often focus their efforts on creating new, unique features or workflows, and rely on third-party Open Source Software (OSS) for common elements of app code. Unfortunately, careless use of OSS can introduce significant legal and security risks that jeopardizes the security and privacy of end users, and may lead to high financial loss for the app developer. We propose OSS Police, a scalable and fully-automated tool for mobile app developers to quickly analyze their apps and identify free software license violations as well as known vulnerabilities in open-source software (OSS) code. OSS Police introduces a novel hierarchical indexing scheme to achieve both high scalability and accuracy, and is capable of efficiently comparing similarities of app binaries against a database of hundreds of thousands of OSS sources (billions of lines of code).
About the Students
Research Paper: https://dl.acm.org/citation.cfm?id=3134048
ACM Conference on Computer and Communications Security (CCS 2017): https://www.youtube.com/watch?v=1cFCCEkD_T0