[PAST EVENT] Data Secrecy in Emerging Computing Platforms
Modern commodity operating systems such as Android, iOS, and Windows 8 have changed the way consumers interact with computing devices. On these operating systems, third-party applications provide tremendous functionality for creating, processing, managing, and sharing user data. Moreover, users can complete complex tasks by stringing together purpose-specific third-party applications (e.g., an email application, a document viewer, a barcode scanner). However, while user-directed information sharing among applications provides value, it exposes user data to the risk of accidental or malicious exfiltration from the device. In this talk, I will discuss how the threat of unauthorized disclosure of user data can be addressed, while allowing users to use the applications they want in the ways they want. Specifically, I will discuss approaches to design, enforce and specify security policies in an operating system to protect user data. First, I will describe the design of information flow control policies for protecting application-specific user data. Second, I will describe the security and practicality challenges for dynamic information flow control enforcement, and explore techniques that allow precise and secure enforcement over unmodified applications. Finally, I will discuss the need for user-specific security policy specification, and describe a novel approach for predicting security policies based on examples. The lessons learned from these approaches motivate the treatment of user-directed sharing as a first-class security problem, and lay the groundwork for involving the user in specifying user data security policies.
Adwait Nadkarni is a doctoral candidate in the Department of Computer Science at North Carolina State University. Adwait's research aims to protect the security of user data on commodity operating systems, without restricting the functionality and use of untrusted third-party applications. His research interests also include the areas of access control, mobile application security, operating systems security extensibility, and large-scale application analysis. Adwait has served as the lead graduate student of the Wolfpack Security and Privacy Research (WSPR) laboratory at NC State since August 2015.
Xu Liu 757-221-7739