Mon 26 Oct 2015 11:15 - 11:30 at Edenburg - Session II Chair(s): Aharon Abadi, Lori Flynn, Jeff Gray

Smart home automation and IoT promise to bring many advantages but they also expose their users to certain security and privacy vulnerabilities. For example, leaking the information about the absence of a person from home or the medicine somebody is taking may have serious security and privacy consequences for home users and potential legal implications for providers of home automation and IoT platforms. We envision that a new ecosystem within an existing smartphone ecosystem will be a suitable platform for distribution of apps for smart home and IoT devices. Android is increasingly becoming a popular platform for smart home and IoT devices and applications. Built-in security mechanisms in ecosystems such as Android have limitations that can be exploited by malicious apps to leak users’ sensitive data to unintended recipients. For instance, Android enforces that an app requires the Internet permissions in order to access a web server but it does not control which servers the app talks to or what data it shares with other apps. Therefore, sub-ecosystems that enforce additional fine-grained custom policies on top of existing policies of the smartphone ecosystems are necessary for smart home or IoT platforms. To this end, we have built a tool that enforces additional policies on inter-app interactions and permissions of Android apps. We have done preliminary testing of our tool on three proprietary apps developed by a future provider of a home automation platform. Our initial evaluation demonstrates that it is possible to develop mechanisms that allow definition and enforcement of custom security policies appropriate for ecosystems of the like smart home automation and IoT.

Mon 26 Oct

Displayed time zone: Eastern Time (US & Canada) change

10:30 - 12:00
Session IIMobileDeLi at Edenburg
Chair(s): Aharon Abadi IBM Research, Lori Flynn CERT, Jeff Gray University of Alabama, USA
10:30
5m
Talk
An Evaluation Framework For Selection Of Mobile App Development Platform
MobileDeLi
Arvind Hudli MSRIT, Shrinidhi Hudli UCLA, Raghu Hudli ObjectOrb Technologies Pvt. Ltd
10:35
20m
Talk
Assessing the Benefits of Computational Offloading in Mobile-Cloud Applications
MobileDeLi
Tahmid Nabi Oregon State University, Pranjal Mittal Oregon State University, Pooria Azimi Oregon State University, Danny Dig Oregon State University, Eli Tilevich Virginia Tech
10:55
20m
Talk
Implementing real-time collaboration in TouchDevelop using AST merges
MobileDeLi
Jonathan Protzenko Microsoft Research
11:15
15m
Talk
Enforcing Fine-Grained Security and Privacy Policies in an Ecosystem within an Ecosystem
MobileDeLi
Waqar Ahmad Carnegie Mellon University, Joshua Sunshine Carnegie Mellon University, Christian Kästner Carnegie Mellon University, Adam Wynne Bosch Research and Technology Center
11:30
15m
Talk
Automatic Detection, Correction and Visualization of Security Vulnerabilities in Mobile Apps
MobileDeLi
Marco Pistoia IBM Research, USA, Omer Tripp IBM Research, USA, Pietro Ferrara IBM Research, USA, Paolina Centonze Iona College
11:45
15m
Talk
Scalable Race Detection for Android Applications
MobileDeLi
Pavol Bielik ETH Zurich, Switzerland, Veselin Raychev ETH Zurich, Switzerland, Martin Vechev ETH Zurich, Switzerland