LASR Colloquia - David Lie/University of Toronto, "Using SmartPhones to improve Security: New Capabilities and Challenges", ACES 2.302

Contact Name: Jenna Whitney
Date: Feb 2, 2012 11:00am - 12:00pm

There is a sign-up schedule for this event that can be found at http://apps.cs.utexas.edu/talkschedules/cgi/list_events.cgi

Type of Talk: LASR Colloquia

Speaker/Affiliation: David Lie/University of Toronto

Talk Audience: UTCS Faculty, Graduate Students, Undergraduate Students and Outside Interested Parties

Date/Time: Thursday, February 2, 2012, 11:00 a.m.

Location: ACES 2.302

Host: Emmett Witchel & Vitaly Shmatikov, CIAS

Talk Title: Using SmartPhones to improve Security: New Capabilities and Challenges

Talk Abstract:
The growth in smartphone usage presents both new capabilities and challenges for security practitioners. In this talk I will talk about two systems I have been working on. The first, called Unicorn, leverages capabilities of smartphones to solve old problems. Unicorn implements a scheme called "two-factor attestation". In traditional attestation schemes to protect access to a remote service, the user, on their own, must both verify the attestation of a computer they will use, and if successful, then use their password to access the remote service. Unicorn leverages a smartphone to both protect authentication secrets and verify the attestation, thus freeing the user from both of these security-critical and often error-prone tasks.

One of the challenges of smartphones is how to secure them. The second system I will describe, called PScout, enables us to analyze the permission system of the Android smartphone OS. Because the documentation of Android's permission system is incomplete, we developed PScout, a tool that extracts the permission specification from the Android OS source code using static analysis. PScout overcomes several challenges, such as scalability due to Android's 3.4 million line code base, accounting for permission enforcement across processes due to Android's use of IPC, and abstracting Android's diverse permission checking mechanisms into a single primitive for analysis.

Bio:
David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D. from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor in the Department of Electrical and Computer Engineering at the University of Toronto. While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work. David is also a recipient of the MRI Early Researcher Award. David leads the software security theme of the NSERC ISSNet Strategic Network on Systems Security and is a member of its Scientific Advisor Board. David has served on various program committees including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy. Currently, his interests are focused on securing mobile platforms, cloud computing security and increasing the reliability of concurrent software.