Date

Presenter

Topic

Sep 28

Billy Zhou

Smartphones are now ubiquitous. An attractive feature of these devices is their ability to download a wide variety of third party applications. Since these devices are used more frequently than a personal computer and contain a great deal of sensitive personal information, smartphones are becoming a major target for security exploitation. Because of the novelty of these devices, the security infrastructure available in current smartphone operating systems are still immature. The purpose of our research is to carry out a comprehensive security analysis of a smartphone OS, specifically Android, in order to evaluate and improve its security and usability.

Oct 5

Jack Sun

We have been developing a framework, called Recon, that uses runtime checking to protect the integrity of file-system metadata on disk. Recon performs consistency checks at commit points in transaction-based file systems. We define declarative statements called consistency invariants for a file system, which must be satisfied by each transaction being committed to disk. By checking each transaction before it commits, we prevent any corruption to file-system metadata from reaching the disk.

Oct 12

Kathy Au

Many smartphone operating systems implement strong sandboxing for 3rd party application software. As part of this sandboxing, they feature a permission system, which conveys to users what sensitive resources an application will access and allows users to grant or deny permission to access those resources. In this paper, we survey the permission systems of several popular smartphone operating systems and taxonomize them by the amount of control they give users, the amount of information they convey to users and the level of interactivity they require from users. We discuss the problem of permission overdeclaration and devise a set of goals that security researchers should aim for, as well as propose directions through which we hope the research community can attain those goals.

Oct 19

Isaac Good

Isaac is currently working on a system that uses historic DNS and WHOIS data to construct a set of features which describes some network level properties of a domain. Using labels, these features are used to train a classifier which can then be used to detect malicious domains as soon as they appear.

Dec 7

Phillipa Gill

This past week I attended the IBM Student Workshop For Cloud Computing . The workshop covered a wide range of topics relating to cloud computing. In this talk, I will summarize the talks at the workshop that are of most interest to our group.