自 2025 年 3 月 27 日起,我们建议您使用 android-latest-release 而非 aosp-main 构建 AOSP 并为其做出贡献。如需了解详情,请参阅 AOSP 的变更。
ASPIRE
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Android 安全和隐私研究 (ASPIRE) 计划为与 Android 相关的特定研究提供资金支持。
ASPIRE 从实用性角度来应对各种重大挑战,并鼓励研发可能成为 Android 核心功能并在未来 2-5 年内给 Android 生态系统带来积极影响的技术。这个时间范围超出了下一次年度 Android 发布时间,目的是在将相应功能纳入 Android 平台之前,留出足够的时间对功能进行分析、完善,以及研发稳定版。请注意,该计划不同于其他 Android 安全计划(例如漏洞披露计划)。
ASPIRE 的开展方式如下:征集研究主题提案,为精选提案提供资金支持,并使外部研究人员与 Google 员工开展合作。我们每年都会开展一次提案征集活动(通常是在年中),并在日历年结束前公布入选资助名单的提案。
如果您是一名研究人员,想要进一步推动 Android 安全性和隐私性实现突破,除了 ASPIRE 之外,您还可以通过以下几种方式参与:
- 以正在攻读高级学位的学生身份申请研究实习机会。
- 申请成为 Google 的访问研究人员。
- 与 Android 团队成员共同撰写发布内容。
- 与 Android 团队成员协作,对 Android 开源项目做出更改。
由 ASPIRE 提供资助的发布内容
2024
- 50 Shades of Support: A Device-Centric Analysis of Android Security Updates。Abbas Acar、Güliz Seray Tuncay、Esteban Luques、Harun Oz、Ahmet Aris 和 Selcuk Uluagac。2024 年网络和分布式系统安全会议 (NDSS)。[论文] [视频]
- Wear's my Data? Understanding the Cross-Device Runtime Permission Model in Wearables。Doguhan Yeke、Muhammad Ibrahim、Güliz Seray Tuncay、Habiba Farrukh、Abdullah Imran、Antonio Bianchi 和 Z. Berkay Celik。2024 年 IEEE 安全与隐私研讨会 (S&P)。[论文]
- (In)Security of File Uploads in Node.js。Harun Oz、Abbas Acar、Ahmet Aris、Güliz Seray Tuncay、Amin Kharraz、Selcuk Uluagac。2024 年 ACM Web 会议 (WWW)。[论文]
2023
- RøB: Ransomware over Modern Web Browsers。Oz、Harun、Ahmet Aris、Abbas Acar、Güliz Seray Tuncay、Leonardo Babun 和 Selcuk Uluagac。2023 年 USENIX 安全研讨会。[论文] [视频] [幻灯片]
- UE Security Reloaded: Developing a 5G Standalone User-Side Security Testing Framework。E Bitsikas、S Khandker、A Salous、A Ranganathan、R Piqueras Jover、C Pöpper。2023 年 ACM 无线和移动网络安全与隐私会议 (WiSec)。[论文] [视频] [幻灯片]
- The Android Malware Handbook。Qian Han、Salvador Mandujano、Sebastian Porst、V.S. Subrahmanian、Sai Deep Tetali。[图书]
- Understanding Dark Patterns in Home IoT Devices。Monica
Kowalczyk、Johanna T。Gunawan、David Choffnes、Daniel J Dubois、Woodrow Hartzog、Christo Wilson。2023 年 ACM 计算系统人为因素会议 (CHI)。[论文]
- Continuous Learning for Android Malware Detection。Yizheng Chen、Zhoujie Ding 和 David Wagner。2023 年 USENIX 安全研讨会。[论文]
- PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage。Yu-Tsung Lee、Haining Chen、William Enck、Hayawardh Vijayakumar、Ninghui Li、Zhiyun Qian、Giuseppe Petracca 和 Trent Jaeger。IEEE 可靠和安全计算事务,DOI:10.1109/TDSC.2023.3310402。[论文]
- Triaging Android Systems Using Bayesian Attack Graphs。Yu-Tsung Lee、Rahul George、Haining Chen、Kevin Chan 和 Trent Jaeger。2023 年 IEEE 安全开发会议 (SecDev)。[论文]
2022
- SARA: Secure Android Remote Authorization。Abdullah Imran、Habiba Farrukh、Muhammad Ibrahim、Z. Berkay Celik 和 Antonio Bianchi。2022 年 USENIX 安全研讨会。[论文] [视频] [幻灯片]
- FReD: Identifying File Re-Delegation in Android System Services。Sigmund Albert Gorski III、Seaver Thorn、William Enck 和 Haining Chen。2022 年 USENIX 安全研讨会。[论文] [视频] [幻灯片]
- Poirot: Probabilistically Recommending Protections for the Android Framework。Zeinab El-Rewini、Zhuo Zhang、Yousra Aafer。2022 年 ACM 计算机和通信安全会议 (CCS)。[论文]
- Sifter: Protecting Security-Critical Kernel Modules in Android through Attack Surface Reduction。Hsin-Wei Hung、Yingtong Liu、Ardalan Amiri Sani。2022 年 ACM 移动计算和网络会议 (MobiCom)。[论文]
2021
- An Investigation of the Android Kernel Patch Ecosystem。Zheng Zhang、Hang Zhang、Zhiyun Qian 和 Billy Lau。2021 年 USENIX 安全研讨会。[论文] [视频] [幻灯片]
- Demystifying Android's Scoped Storage Defense。 Yu-Tsung Lee、Haining Chen 和 Trent Jaeger。IEEE 安全与隐私,第 19 卷,no. 05,pp. 16-25, 2021 年。[论文]
2019
- Protecting the stack with PACed canaries。H.Liljestrand、Z. Gauhar、T. Nyman、J.-E. Ekberg 和 N. Asokan。[论文]
本页面上的内容和代码示例受内容许可部分所述许可的限制。Java 和 OpenJDK 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2024-07-15。
[null,null,["最后更新时间 (UTC):2024-07-15。"],[],[],null,["# ASPIRE\n\nThe Android Security and Privacy Research (ASPIRE) program provides\nfunding for certain research related to Android.\n\nASPIRE tackles fundamental challenges through the lens of practicality and\nencourages the development of technologies that may become core Android features\nin the future, impacting the Android ecosystem in the next 2-5 years. This\ntimeframe extends beyond the next annual Android release to allow adequate time\nto analyze, develop, and stabilize research into features before including in\nthe platform. Note that this is distinct from other Android security initiatives\nsuch as the [vulnerability\ndisclosure program](https://bughunters.google.com/about).\n\nASPIRE operates by inviting proposals for research topics, providing funding\nfor select proposals, and partnering external researchers with Googlers. We\nannounce a call for proposals once a year, typically in the middle of the year,\nand announce the proposals selected for funding by the end of the calendar\nyear.\n\nBeyond ASPIRE, if you're a researcher interested in pushing the boundaries of\nAndroid security and privacy, there are several ways to participate:\n\n- Apply for a [research\n internship](https://careers.google.com/students/engineering-and-technical-internships/) as a student pursuing an advanced degree.\n- Apply to become a [Visiting\n Researcher](https://research.google/outreach/visiting-researcher-program/) at Google.\n- Co-author publications with Android team members.\n- Collaborate with Android team members to make changes to the Android Open Source Project.\n\n### Publications funded by ASPIRE\n\n#### 2025\n\n- **ScopeVerif: Analyzing the Security of Android's\n Scoped Storage via Differential Analysis** Zeyu Lei, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Beatrice Carissa Williem, Z. Berkay Celik, and Antonio Bianchi. Purdue University, Google 2025 \\[[paper](https://www.ndss-symposium.org/wp-content/uploads/2025-340-paper.pdf)\\]\n\n\u003c!-- --\u003e\n\n- **LANShield: Analysing and Protecting Local Network Access on Mobile Devices.** Angelos Beitis, Jeroen Robben, Alexander Matern, Zhen Lei, Yijia Li, Nian Xue, Yongle Chen, Vik Vanderlinden, and Mathy Vanhoef. 25th Privacy Enhancing Technologies Symposium (PETS) 2025. \\[[paper](https://papers.mathyvanhoef.com/pets2025.pdf)\\] \\[[website](https://lanshield.eu)\\]\n\n#### 2024\n\n- **SIMurai: Slicing Through the Complexity of SIM Card Security Research** Tomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, and Marius Muench. 33rd USENIX Security Symposium. \\[[paper](https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf)\\] \\[[video](https://www.youtube.com/watch?v=3_R9P--ksE4)\\] \\[[slides](https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf)\\]\n- **50 Shades of Support: A Device-Centric Analysis of Android\n Security Updates.** Abbas Acar, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Esteban Luques, Harun Oz, Ahmet Aris, and Selcuk Uluagac. Networked and Distributed Systems Security (NDSS) 2024. \\[[paper](https://www.ndss-symposium.org/wp-content/uploads/2024-175-paper.pdf)\\] \\[[video](https://www.youtube.com/watch?v=s_CIxz1BLEM)\\]\n- **Wear's my Data? Understanding the Cross-Device Runtime Permission\n Model in Wearables.** Doguhan Yeke, Muhammad Ibrahim, [Güliz SerayP\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Habiba Farrukh, Abdullah Imran, Antonio Bianchi, and Z. Berkay Celik. IEEE Symposium on Security and Privacy (S\\&P) 2024. \\[[paper\\]](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a077/1RjEaMvw3iE) \\[[video](https://www.youtube.com/watch?v=EWrEsDJ084c)\\]\n- **(In)Security of File Uploads in Node.js.** Harun Oz, Abbas Acar, Ahmet Aris, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Amin Kharraz, Selcuk Uluagac. ACM Web Conference (WWW) 2024. \\[[paper](https://research.google/pubs/pub53215/)\\]\n\n#### 2023\n\n- **RøB: Ransomware over Modern Web Browsers** . Oz, Harun, Ahmet Aris, Abbas Acar, [Güliz Seray\n Tuncay](https://research.google/people/g%C3%BCliz-seray-tuncay/), Leonardo Babun, and Selcuk Uluagac. USENIX Security Symposium (USENIX Security) 2023. \\[[paper](https://www.usenix.org/system/files/usenixsecurity23-oz.pdf)\\] \\[[video](https://youtu.be/MUVNz6p3_jk)\\] \\[[slides](https://www.usenix.org/system/files/sec23_slides_oz.pdf)\\]\n- **UE Security Reloaded: Developing a 5G Standalone User-Side Security\n Testing Framework** . E Bitsikas, S Khandker, A Salous, A Ranganathan, R Piqueras Jover, C Pöpper. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2023. \\[[paper](https://dl.acm.org/doi/abs/10.1145/3558482.3590194)\\] \\[[video](https://www.youtube.com/watch?v=GrJCN-_T29c&list=PL4FCce8hBdnIf2argwcrw5J0h_eB39WSn&index=15)\\] \\[slides\\]\n- **The Android Malware Handbook.** Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali. \\[[book](https://books.google.com/books/about/The_Android_Malware_Handbook.html?id=U2y1EAAAQBAJ)\\]\n- **Understanding Dark Patterns in Home IoT Devices** . Monica Kowalczyk, Johanna T. Gunawan, David Choffnes, Daniel J Dubois, Woodrow Hartzog, Christo Wilson. ACM Conference on Human Factors in Computing Systems (CHI) 2023. \\[[paper](https://david.choffnes.com/pubs/chi23-740-2.pdf)\\]\n- **Continuous Learning for Android Malware Detection** . Yizheng Chen, Zhoujie Ding, and David Wagner. USENIX Security Symposium (USENIX Security) 2023. \\[[paper](https://www.usenix.org/system/files/usenixsecurity23-chen-yizheng.pdf)\\]\n- **PolyScope: Multi-Policy Access Control Analysis to Triage Android\n Scoped Storage** . Yu-Tsung Lee, Haining Chen, William Enck, Hayawardh Vijayakumar, Ninghui Li, Zhiyun Qian, Giuseppe Petracca, and Trent Jaeger. IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/TDSC.2023.3310402. \\[[paper](https://ieeexplore.ieee.org/abstract/document/10234635)\\]\n- **Triaging Android Systems Using Bayesian Attack Graphs.** Yu-Tsung Lee, Rahul George, Haining Chen, Kevin Chan, and Trent Jaeger. IEEE Secure Development Conference (SecDev), 2023. \\[[paper](https://ieeexplore.ieee.org/abstract/document/10305618)\\]\n\n#### 2022\n\n- **SARA: Secure Android Remote Authorization** . Abdullah Imran, Habiba Farrukh, Muhammad Ibrahim, Z. Berkay Celik, and Antonio Bianchi. USENIX Security Symposium (USENIX Security) 2022. \\[[paper](https://www.usenix.org/system/files/sec22-imran.pdf)\\] \\[[video](https://youtu.be/gvYUctgJ3P8)\\] \\[[slides](https://www.usenix.org/system/files/sec22_slides-imran.pdf)\\]\n- **FReD: Identifying File Re-Delegation in Android System\n Services.** Sigmund Albert Gorski III, Seaver Thorn, William Enck, and Haining Chen. USENIX Security Symposium (USENIX Security) 2022. \\[[paper](https://www.usenix.org/system/files/sec22summer_gorski.pdf)\\] \\[[video](https://www.youtube.com/watch?v=xtv1-51W2o8)\\] \\[[slides](https://www.usenix.org/system/files/sec22_slides-gorski.pdf)\\]\n- **Poirot: Probabilistically Recommending Protections for the Android\n Framework.** Zeinab El-Rewini, Zhuo Zhang, Yousra Aafer. ACM Computer and Communication Security (CCS) 2022. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3548606.3560710)\\]\n- **Sifter: Protecting Security-Critical Kernel Modules in Android\n through Attack Surface Reduction.** Hsin-Wei Hung, Yingtong Liu, Ardalan Amiri Sani. ACM Conference on Mobile Computing And Networking (MobiCom) 2022. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3495243.3560548)\\]\n\n#### 2021\n\n- **An Investigation of the Android Kernel Patch\n Ecosystem.** Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau. USENIX Security Symposium (USENIX Security) 2021. \\[[paper](https://www.usenix.org/system/files/sec21-zhang-zheng.pdf)\\] \\[[video](https://www.youtube.com/watch?v=sx2unUrsQhc)\\] \\[[slides](https://www.usenix.org/system/files/sec21_slides_zhang-zheng.pdf)\\]\n- **Demystifying Android's Scoped Storage Defense.** Yu-Tsung Lee, Haining Chen, and Trent Jaeger. IEEE Security \\& Privacy, vol. 19, no. 05, pp. 16-25, 2021. \\[[paper](https://ieeexplore.ieee.org/abstract/document/9502925)\\]\n\n#### 2019\n\n- **Protecting the stack with PACed canaries.** H. Liljestrand, Z. Gauhar, T. Nyman, J.-E. Ekberg, and N. Asokan. \\[[paper](https://dl.acm.org/doi/pdf/10.1145/3342559.3365336)\\]"]]
