[PAST EVENT] Ed Novak--Oral Examination for the Ph.D. Degree, Computer Science

September 25, 2014
11am - 1:30pm
McGlothlin-Street Hall, Room 002
251 Jamestown Rd
Williamsburg, VA 23185Map this location
We live in a world where mobile devices are already ubiquitous. It is estimated that in May of 2014 there were 6.9 billion mobile cellular subscriptions world-wide (1 Billion being smart devices), almost as much as the world population. Because of this ubiquity, smart mobile device security and privacy are primary concerns. My research focuses on increasing the security and privacy of user data on smart mobile devices. We propose three applications in this domain: (1) a system for private, mobile location sharing, (2) a secure, interim alternative to near field communication (NFC) radios, and (3) a potential attack vector in mobile devices which utilizes novel covert channels. For the attack vector, we also propose a first step towards a robust defense mechanism.

My first project is the design and implementation of a system, which provides users with a private and secure location sharing service. Users can share their location with one another with trust and location based access controls. We allow users to identify if they are within a certain distance of one another, without either party revealing their location. For my second application, we build a system which enables proximity based networking without special near field communication (NFC) or Bluetooth (BT) hardware. My proposed scheme, which utilizes ultrasound audio, is fast, achieving several thousand bits per second, non-intrusive, secure, requiring attackers to be less than a few centimeters away, and does not require any special hardware. My third work exposes a novel attack vector utilizing physical media covert channels on smart devices to enable privilege escalation, and confused deputy attacks. The attack uses these covert channels to launder sensitive information, thereby circumventing state of the art, taint-tracking analysis based defenses. I also propose a novel, yet simple, defense technique as a first step towards a robust defense.

As a contribution to the field, we present these three systems which together enrich the smart mobile experience, while providing mobile security and keeping privacy in mind. Our third approach specifically, presents a unique attack, which has not been seen "in the wild'', in an effort to keep ahead of malicious efforts.

Bio: Ed Novak was born and raised in Schaumburg, IL, a suburb of Chicago. He attended Schaumburg High School and he began studying computer science as an undergraduate at Monmouth College in Monmouth, IL. After only a few courses his curiosity was peaked and he decided to major in the subject.

He continued his computer sciences studies at William and Mary after graduating in 2010. In 2012 he earned his Master's degree at W&M and began candidacy for a Ph. D. under his advisor, Dr. Qun Li.