Cybersecurity Demo Day - Team C1 2018

Vote for this team on Twitter before April 12 at 6 p.m., using the hashtag #cyberfinaleteam1. Votes count toward the $2,000 "People's Choice" award.

 

"OSS Police"

 
Ashish Bijlani, Ruian Duan, and Meng Xu

School of Computer Science

 

In order to reduce time to market, mobile app developers often focus their efforts on creating new, unique features or workflows, and rely on third-party Open Source Software (OSS) for common elements of app code. Unfortunately, careless use of OSS can introduce significant legal and security risks that jeopardizes the security and privacy of end users, and may lead to high financial loss for the app developer. We propose OSS Police, a scalable and fully-automated tool for mobile app developers to quickly analyze their apps and identify free software license violations as well as known vulnerabilities in open-source software (OSS) code. OSS Police introduces a novel hierarchical indexing scheme to achieve both high scalability and accuracy, and is capable of efficiently comparing similarities of app binaries against a database of hundreds of thousands of OSS sources (billions of lines of code).

 
 

 

About the Students

Ashish Bijlani: Linkedin, GitHub

Ruian Duan: Homepage, Linkedin, GitHub

Meng Xu: Homepage, GitHub

 

Additional Background

Research Paper: https://dl.acm.org/citation.cfm?id=3134048

ACM Conference on Computer and Communications Security (CCS 2017): https://www.youtube.com/watch?v=1cFCCEkD_T0