Abstract:

Over the last several years, smartphone application markets such as
Google's Android Market and Apple's App Store have become a thriving
industry with simplified distribution and little barrier to entry for
developers. Smartphone users face many security and privacy risks, the
most wide-spread of which results from applications operating within
the confines of existing operating system protections. In this talk, I
will discuss how to assess the current state of smartphone security
using a range of analysis techniques. Existing smartphone security is
permission oriented. First, I will use a formal model of permission
policy to understand the permissions an application asks for, defining
a coarse upper bound on its runtime behavior. Second, I will present a
performance efficient method of dynamic analysis to determine actual
application behavior, and subsequently identify several privacy
concerns in real applications. Finally, I will describe a static
analysis approach to characterize potential behavior based on
implemented functionality. Using these approaches, we identify trends
and primary security challenges so that future mobile operating system
designs can mitigate existing threats.

Short Bio:

William Enck is a doctoral candidate in the Systems and Internet
Infrastructure Security (SIIS) laboratory in the Computer Science and
Engineering Department at Penn State University. His research efforts
primarily focus on mobile operating system security, but also include
telecommunications security, access control mechanisms in operating
systems, hardware security, voting systems security, network security,
and large-scale network configuration.