Speaker: Hilmi Gunes Kayacik
Title: Mobile Device Security: the Good, the Bad and the Ugly
Date: Tuesday June 29, 2010
Time: 11:30 a.m.
Location: Jacob Slonim Conference Room (430)
6050 University Ave., Halifax
Note: Coffee and cookies will be provided, courtesy of Faculty of
Abstract: My talk will mainly focus on the mobile device security research that I am currently involved in at Carleton Computer Security Lab. Compared to personal computers; mobile devices (or smartphones) have limited bandwidth, computing resources and storage. On the other hand, they have access to information such as our address book, email and calendar, which makes them potentially valuable targets for attackers. The first part of my talk will review the security architectures of mobile platforms such as iPhone, Android, Blackberry and will speculate on the future attack trends. The second part of the talk will discuss our empirical study of Android mobile applications using the Self-Organizing Map (SOM) algorithm. Android is a Linux-based operating system for mobile devices. Android permission model mediates the inter-process communication and controls access to phone resources such as GPS, text messaging and networking thus it is a crucial component of the Android security. The main goal of the study is to understand how the applications use the Android permission model in practice (i.e., whether the design expectations meet the real-world usage characteristics). To this end, SOM, which is an unsupervised neural network algorithm, provides a suitable method for clustering and visualizing the application behavior as defined by the requested permissions. We believe such analysis can reveal interesting usage patterns, particularly when the permission model is being used by a wide spectrum of users with varying degrees of expertise.
Speaker Bio: Gunes Kayacik is a postdoctoral fellow at School of Computer Science, Carleton University in Ottawa. He received his PhD in Computer Science from Dalhousie University in 2009. His research interests are machine learning and its applications to various computer security problems such as intrusion detection, exploit analysis, network traffic analysis and mobile device security.
Host contact: Nur Zincir-Heywood firstname.lastname@example.org