Software Special Interest Group Meeting  

Exposing Security Risks For Commercial Mobile Devices (CMDs)

Presented by: Jeff Voas and Angelos Stavrou

Tuesday March 27, 2012

Recent advances in the hardware capabilities of mobile hand-held devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and table devices. This new generation of smart devices, including iPhone and Google Android, are powerful enough to accomplish most of the user tasks previously requiring a personal computer.  In this talk, we will discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking. We will present the ongoing George Mason University (GMU) and National Institute of Standards and Technology (NIST) efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the Android Kernel, using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones. We will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military combat settings. The talk will conclude with a discussion of our current and future research directions and outcomes.  

Jeff Voas is a computer scientist at NIST. Before joining NIST, Voas was an entrepreneur and co-founded Cigital. He has served as the IEEE Reliability Society President, and serves as an IEEE Director. Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability and Software Fault Injection: Inoculating Software Against Errors), is currently an Associate Editor-In-Chief of IEEE’s IT Professional Magazine, is on the editorial board of IEEE Computer Magazine, and is on the Editorial Advisory Board of IEEE Spectrum Magazine. He received his undergraduate degree in computer engineering from Tulane University and received his M.S. and Ph.D. in computer science from the College of William and Mary. He is a Fellow of the IEEE and the American Association for the Advancement of Science (AAAS).

Angelos Stavrou is Assistant Professor in the Computer Science Department and a member of the Center for Secure Information Systems at GMU. He received his M.Sc. in Electrical Engineering, M.Phil. and  Ph.D. (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from University of Athens, and a B.Sc. in Physics with distinction from University of Patras, Greece. Dr Stavrou has published over 40 papers on large systems security & survivability in major international journals and conferences. Dr. Stavrou’s research interests are Large Systems Security & Survivability, Intrusion Detection Systems, Privacy and Anonymity, and Security for MANETs and Mobile Devices. His research is funded by several organizations including NSF, DARPA, ARO, DHS, AFOSR, IARPA, and NIST. Dr. Stavrou received the Computer Science Department Young Faculty Research Award in 2010.