Seminars & Colloquia
Pennsylvania State University
"Analysis Techniques for Mobile Operating System Security"
Monday November 29, 2010 09:30 AM
Location: 3211, Engineering Building II NCSU Centennial Campus
(Visitor parking instructions)
Over the last several years, smartphone application markets such as Google's Android Market and Apple's App Store have become a thriving industry with simplified distribution and little barrier to entry for developers. Smartphone users face many security and privacy risks, the most wide-spread of which results from applications operating within the confines of existing operating system protections. In this talk, I will discuss how to assess the current state of smartphone security using a range of analysis techniques. Existing smartphone security is permission oriented. First, I will use a formal model of permission policy to understand the permissions an application asks for, defining a coarse upper bound on its runtime behavior. Second, I will present a performance efficient method of dynamic analysis to determine actual application behavior, and subsequently identify several privacy concerns in real applications. Finally, I will describe a static analysis approach to characterize potential behavior based on implemented functionality. Using these approaches, we identify trends and primary security challenges so that future mobile operating system designs can mitigate existing threats.
William Enck is a doctoral candidate in the Systems and Internet Infrastructure Security (SIIS) laboratory in the Computer Science and Engineering Department at Penn State University. His research efforts primarily focus on mobile operating system security, but also include telecommunications security, access control mechanisms in operating systems, hardware security, voting systems security, network security, and large-scale network configuration.
Host: Peng Ning, Computer Science, NCSU