  •   When: Monday, October 27, 2014 02:00 PM
  •   Speakers: Hamid Bagheri, Alireza Sadeghi
  •   Location: ENGR 4201

Abstract

Android is the most popular platform for mobile devices. It facilitates sharing of data and services among applications using a rich inter-application communication system. While access to resources can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, as permissions may be mismanaged, intentionally or unintentionally. Android enforces permissions at the level of individual apps, which allows multiple malicious apps to collude and combine their permissions, or to trick vulnerable apps into performing actions on their behalf that are beyond their individual privileges. In this talk, we will present our ongoing research, which explores a proactive scheme for automated detection and mitigation of inter-application vulnerabilities. Our approach leverages concepts from the domains of formal methods, model-driven development, and programming languages, and allows end users to safeguard a given bundle of apps installed on their device from such complex inter-app vulnerabilities. We will illustrate the ideas in the context of practical applications, discuss their potential to move the field forward, and pose important areas of research for the coming era.

Speakers' Biographies

Hamid Bagheri is a postdoctoral researcher in the Department of Computer Science at George Mason University. He received his PhD in Computer Science from the University of Virginia in 2013. Hamid works at the crossroads of software engineering, program synthesis, and formal methods. His research career has focused on the development of techniques and tools that aid with the analysis and synthesis of software systems. He has been prolific in his early career, developing several novel techniques, including new methods and tools for compositional analysis of Android inter-app vulnerabilities, synthesis of partial code frameworks from application architectures, and synthesis of object-relational mapping tradeoff spaces for database-centric applications. The results of his research have been published in some of the most prestigious software engineering venues, such as ICSE, ASE, and MoDELS, among others.

Alireza Sadeghi received the B.Sc. degree in computer (software) engineering and the M.Sc. degree in information technology from Sharif University of Technology in 2008 and 2010, respectively. He is a Ph.D. student in the Department of Computer Science at George Mason University. His research interests focus on software engineering, specifically static program analysis and mobile app security inspection.

Posted 3 years, 2 months ago