TC: Medium: Collaborative Research: Building Trustworthy Applications for Mobile Devices

Award #: 1064944
Amount Awarded: $350,000
Sponsoring Organization: NSF (CNS)
Grant Period: (9/1/2011-8/31/2014)

Abstract

Mobile handheld devices such as smartphones, PDAs, and smart media players have outpaced the growth of wired hosts, and are emerging as the predominant vehicle for Internet access. In recent years, newer mobile phones, including various versions from Apple, Google, Nokia, and others, have promoted greater programmability, radically changing the age-old model of mobile phones being a closed platform. However, openness arrives with new challenges of trustworthiness. The goal of this project is to improve the trustworthiness of mobile phones in their daily operations, by analyzing threats that occur either due to malware or due to regular applications, designing mitigation strategies, and evaluating developed solutions through a real deployment on a smartphone platform (Google Android) and operating in a real network (Sprint-Nextel). This project will undertake crosscutting research, educational, and outreach plan to improve the robustness, reliability, security, privacy, and overall trustworthiness of mobile phones. The primary focus of this project will be on performance and security threats that are unique to mobile phones, including malicious applications that ex-filtrate data, performance loss due to resource constraints, privacy threats of lost devices, and remote network-based attacks. Specifically, this project will investigate issues related to following topics: (i) performance instability due to resource constraints (ii) protection against malicious applications (iii) privacy against lost phones (iv) detection and prevention against other network attacks. Techniques developed will have broad benefits to research and society. These techniques will enhance the trustworthiness of mobile phones, thereby improving the confidence of users in using these devices in their daily activities. An educational plan will introduce new curriculum centered on the mobile phone platform and establishes a new undergraduate laboratory for hands-on mobile device programming.

Related Research Projects

Mobile Phone Security

Smartphone Application Analysis

Related Publications

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel, Semantically Rich Application-Centric Security in Android. Security and Communication Networks, 5(6):658-673, 2012.

Patrick McDaniel, Bloatware Comes to the Smartphone. IEEE Security & Privacy Magazine, 10(4), July/August, 2011.

Damien Octeau, Somesh Jha, and Patrick McDaniel, Retargeting Android Applications to Java Bytecode. Proceedings of the 20th International Symposium on the Foundations of Software Engineering (FSE), November 2012.