May 3, 2016: Invited Speaker Seminar: Smartphone Security

Dr. David Lie
Professor, University of Toronto

Tuesday, May 3, 2016 at 4:00 pm
Room EV003.309

Abstract

The growth in smartphone usage presents both new capabilities and challenges for security practitioners.  On one hand, smartphones represent a computing device that is always with the user, is always on, and generally has an Internet connection, making creating new opportunities for monitoring and securing user data.  On the other hand, these same properties mean that smartphones tend to contain a great deal of private information, making them a serious challenge to the personal privacy and security of users.

To address these challenges, we have also built systems that aim to improve smartphone security.  I will discuss our PScout tool, which enables us to analyze the permission system of Android. PScout uses static analysis of the Android source code to extract a mapping of Android APIs to permissions.

Our analysis of the data reveals several interesting properties of the Android permissions system.  I will also discuss our more recent work on IntelliDroid, a system that performs targeted execution of malicious behaviors to detect Android Malware.

I will also present some of the systems we have built that capitalize on opportunities for smartphones can improve user security.  I'll talk about Caelus, which uses a smartphone to monitor the integrity of data stored in the cloud.  Caelus exploits the property that smartphones are rarely switched off to enable low-cost, near real-time monitoring of the integrity and consistency of personal data stored in the cloud.

Biography

David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor in the Department of Electrical and Computer Engineering at the University of Toronto and the Canada Research Chair in Secure and Reliable Computer Systems.  David is also a recipient of the MRI Early Researcher Award.  While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work.  More recently, he and his students have developed the PScout Android Permission mapping tool, whose datasets have been downloaded over 10,000 times and used in dozens of subsequent papers.  David has served on various program committees including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy.  Currently, his interests are focused on securing mobile platforms, cloud computing security and increasing the reliability of software.