谢涛教授来我所做题为” 移动应用安全中的用户期望”的学术报告

受中科院计算技术研究所的计算机体系结构国家重点实验室的刘磊副研究员的邀请，谢涛教授于2016年11月10日来计算所交流并做了题为“移动应用安全中的用户期望”的学术报告。该报告于下午2点在计算所四楼报告厅举行。

在本次报告中，谢涛教授概括介绍了移动应用安全中的用户期望、取得的进展以及相关的技术挑战和解决方案。在报告过程中，谢涛教授通过ppt演讲的方法，清晰明了的介绍了相关的工作，使得参加报告的老师和同学能有更深刻的认识。谢涛教授介绍到，维护移动应用的安全和隐私卫生是一个核心挑战。遗憾的是，目前并没有程序分析算法可以确定应用程序是“安全的”或“无恶意软件”。例如，如果应用在电话通话期间录制音频，则可能是恶意软件。然而，用户可能想要使用这样的应用来记录电话呼叫以用于存档和良性目的。自动化程序分析工具的关键挑战是确定用户是否实际上希望该行为（即，用户期望）。在整个报告的过程中，谢涛教授和参会的老师同学之间在进行不断的交流。通过问答的形式，使得现场的气氛始终很活跃。一个多小时的时间很快就过去了，在大家的掌声中，谢涛教授结束了本次学术报告。

    报告之后，参会的老师和同学就报告中的相关问题进行了热烈讨论。感谢谢涛教授给我们带来的这次精彩报告。

    谢涛是美国伊利诺伊大学香槟分校计算机科学系副教授和威利特学院学者。他曾在微软研究院担任访问研究员。他的研究兴趣是软件工程，专注于软件测试，程序分析，软件分析，软件安全和教育软件工程。他是ACM杰出演讲者和IEEE计算机学会杰出访问者，同时也是ACM杰出科学家。他的主页是http://taoxie.cs.illinois.edu。

Tao Xie is an Associate Professor and Willett Faculty Scholar in the Department of Computer Science at the University of Illinois at Urbana-Champaign, USA. He has worked as a visiting researcher at Microsoft Research. His research interests are in software engineering, focusing on software testing, program analysis, software analytics, software security, and educational software engineering. He is an ACM Distinguished Speaker and an IEEE Computer Society Distinguished Visitor. He is an ACM Distinguished Scientist. His homepage is at http://taoxie.cs.illinois.edu.

Invited byLei Liu, Associate Professor of Key Laboratory of Computer System and Architecture,Institute of Computing Technology, Chinese Academy of Sciences, Prof. Tao Xie gave a report on “User Expectations in Mobile App Security” on November 10,2016. The report calculated on 2:00PM at Auditorium on the fourth floor.

In this report, Professor Xie Tao outlined the user expectations in mobile application security, the progress made and related technical challenges and solutions. Prof. Tao Xie speak through the ppt method to introduce the related work clearly, which make everyone who participating the report having a more profound understanding. Prof. Tao Xie introduced that,maintaining the security and privacy hygiene of mobile apps is a critical challenge. Unfortunately, no program analysis algorithm can determine that an application is "secure" or "malware‐free." For example, if an app records audio during a phone call, it may be malware. However, the user may want to use such an app to record phone calls for archival and benign purposes. A key challenge for automated program analysis tools is determining whether or not that behavior is actually desired by the user (i.e., user expectation). This talk presents recent research progress in exploring user expectations in mobile app security. By the form of question and answer, the atmosphere of the talk was always being active.How time fly! One hour passed quickly, Prof. Tao Xie finished his report in the applause.

After the talk, attendees carried out lively discussion on related issues. Thanks to Prof. Tao Xie brought us this excellent talk.