Analysis Techniques for Mobile Operating System Security

Speaker

William Enck
Computer Science and Engineering
Pennsylvania State University

Abstract

Over the last several years, smartphone application markets such as Google's Android Market and Apple's App Store have become a thriving industry with simplified distribution and little barrier to entry for developers. Smartphone users face many security and privacy risks, the most wide-spread of which results from applications operating within the confines of existing operating system protections. In this talk, I will discuss how to assess the current state of smartphone security using a range of analysis techniques. Existing smartphone security is permission oriented. First, I will use a formal model of permission policy to understand the permissions an application asks for, defining a coarse upper bound on its runtime behavior. Second, I will present a performance efficient method of dynamic analysis to determine actual application behavior, and subsequently identify several privacy concerns in real applications. Finally, I will describe a static analysis approach to characterize potential behavior based on implemented functionality. Using these approaches, we identify trends and primary security security challenges so that future mobile operating system designs can mitigate existing threats.

About the Speaker

William Enck is a doctoral candidate in the Systems and Internet Infrastructure Security (SIIS) laboratory in the Computer Science and Engineering Department at Penn State University. William's research efforts primarily focus on mobile operating system security, but also include telecommunications security, access control mechanisms in operating systems, hardware security, voting systems security, network security, and large-scale network configuration.