This project investigates a new approach for describing and reasoning about security properties of smartphone applications. Smartphones are becoming pervasive, and smartphone applications are increasingly used for a variety of social, health, scientific, and military purposes. However, the capabilities these phones provide, such as access to GPS, camera, Internet, calendar, contacts, and other sensitive information can lead to major security risks. Today's smartphone development methodologies do little to help developers construct applications that safely access sensitive resources.

The goal of this project is to develop new program analysis techniques that can help developers express, reason about, and enforce security policies in smartphones. The proposed technical approach will allow developers to define rich security policies in an intuitive and flexible manner: as program code that interacts with a mobile application and checks desired properties. To ensure that application code conforms to such policies, the project is pursuing several techniques that leverage recent advances in static and dynamic program analysis. The project is also investigating approaches to automatically synthesize a code-based policy for a given application. The project is instantiating these ideas in the context of Google's Android operating system, and is evaluating the ideas in terms of effectiveness and performance on a broad range of Android-based smartphone applications.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1064997
Program Officer
Sol Greenspan
Project Start
Project End
Budget Start
2011-04-15
Budget End
2017-03-31
Support Year
Fiscal Year
2010
Total Cost
$433,415
Indirect Cost
Name
University of Maryland College Park
Department
Type
DUNS #
City
College Park
State
MD
Country
United States
Zip Code
20742