[Busec] busec this week: Manuel Egele (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Sep 30 20:10:58 EDT 2014


This week, Manuel Egele, who is a new faculty member in BU's ECE
department, will present his work on static analysis for detecting privacy
leaks and misuse of cryptographic primitives at our usual seminar, with
lunch following.  The talk will, unusually, be held in MCS148.

Also, the deadline for submitting abstracts for lightening talks to the 1st
Annual New England Networking and Systems Day (NENS) is tomorrow, Oct 1!
Information available here:  http://systems.cs.brown.edu/nens/

Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

*****
Title: Static analysis on mobile applications for security and privacy
Speaker: Manuel Egele, BU
Wednesday October 1, 10-11:30 am
MCS148

 Mobile devices are ubiquitous. Apple sold more than 400 million iOS
devices to date, and it has been reported that more than 500 million
Android-based devices are in customers' hands. These devices open
exciting new avenues of innovation, such as location-based services and
mobile payment. Of course, the user has a legitimate desire to keep the
privacy-sensitive data that is managed by these smart devices safe and
secure. Unfortunately, mobile devices frequently expose such information to
prying third-party applications (apps).

In this talk, I will demonstrate how novel static analysis techniques can
be used to automatically assess whether apps adhere to the user's
expectation of privacy. My binary static analysis platform (PiOS) evaluates
different security properties on iOS applications. For example, PiOS
automatically detected numerous popular applications that leak privacy
sensitive data, such as address book contents or location information over
the Internet. Android surpassed iOS as the most popular smart phone
operating system.

In this talk, I will also present CryptoLint -- a fully automated static
analysis system that detects the misuse of cryptographic primitives in
Android applications. An extensive evaluation of over 11,000
applications from Google's play store indicates that 88% of these
applications misuse cryptographic primitives.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20140930/02698a4d/attachment.html>


More information about the Busec mailing list