Logo: University of Southern California

Events Calendar


  • CS Colloquium: Manuel Egele (Carnegie Mellon University): Opposites Attract -- Static analysis on mobile apps for security and privacy

    Thu, Mar 28, 2013 @ 03:30 PM - 05:00 PM

    Thomas Lord Department of Computer Science

    Conferences, Lectures, & Seminars


    Speaker: Manuel Egele, Carnegie Mellon University (CyLab)

    Talk Title: Opposites Attract -- Static analysis on mobile apps for security and privacy

    Series: CS Colloquium

    Abstract: Mobile devices are ubiquitous. Apple has sold more than 400 million iOS devices to date, and it has been reported that more than 500 million Android-based devices are in customers' hands. These devices open exciting new avenues of innovation such as location-based services and mobile payment. Of course, the user has a legitimate desire to keep the privacy-sensitive data maintained and collected by these smart devices safe and secure. Unfortunately, mobile devices frequently expose such information to prying third-party applications (apps). In this talk, I will demonstrate how novel static analysis techniques can be used to automatically assess whether apps adhere to the user's expectation of privacy. My binary static analysis platform (PiOS) has the capability to evaluate many different security properties on iOS applications. For example, PiOS automatically detected numerous popular applications that leak privacy-sensitive data, such as address book contents or location information, over the Internet. Furthermore, based on PiOS, we were also able to retrofit iOS applications with control flow integrity protection. Android recently surpassed Apple as the most popular smart phone operating system. Thus, in this talk, I will also cover my research to leverage static analysis techniques to detect misuse of cryptographic primitives in Android apps. Furthermore, I will illustrate how these techniques can be used to refine and improve the existing coarse-grained Android permission system.

    Biography: Manuel Egele is a post-doctoral researcher at Carnegie Mellon University, CyLab. Before starting at CMU, he was a post-doctoral researcher at the Computer Security Group of the Department of Computer Science at the University of California, Santa Barbara. He received his MSc (2006) and Ph.D. (2011) degrees in computer science from the University of Technology in Vienna. His research interests span numerous areas of systems security -- in particular, mobile security, privacy, and malicious code analysis. His PiOS work received a distinguished paper award at the Network and Distributed Systems Security Symposium 2011. Lately, he started investigating techniques to aid developers in avoiding common pitfalls when applying cryptographic primitives in their mobile applications.

    Host: Ramesh Govindan

    Location: Seaver Science Library (SSL) - 150

    Audiences: Everyone Is Invited

    Contact: Assistant to CS chair
