Dr. David Naumann, Professor of Computer Science at Stevens Institute of Technology, has won a grant from the National Science Foundation (NSF) to develop tools that cost-effectively evaluate the trustworthiness of mobile apps on the Android platform in the face of looming security threats. Mobile applications on smartphones, tablets and other mobile devices are quickly becoming the new Web, assuming many of the tasks that a few short years ago could only be carried out on a desktop or laptop computer. They give people the ability to view restaurant menus, plan trips, play games and even conduct banking transactions from their mobile phones and tablets. People now use apps more than Web browsers on their mobile devices. Unfortunately, apps are also the most common way through which smartphone security is compromised. Android is the most popular smartphone platform with a 52% market share, and TrendMicro found 25,000 Android malware in July 2012, including apps that send advertisements as urgent notifications, sign users up for premium services without their permission, steal personal and financial data, and spy on users’ GPS location, messages and call log.
“Mobile apps are already a massive part of our lives, representing a market worth around $20 billion,” says Dr. Michael Bruno, Dean of the Charles V. Schaefer, Jr. School of Engineering and Science. “Dr. Naumann’s research will ensure that the vast potential of this burgeoning market is not marred by a lack of essential security.”
App developers are creating applications that desirably interact with other apps, for instance accessing information about the music one listens to and sharing it with friends. However, this capability opens the door to unwanted or even malicious access to personal or financial information. “Dr. Naumann is creating tools that allow useful interactions in order to expand mobile app functionality and experiences, while at the same time blocking apps that try to access sensitive data without permission,” says Dr. Dan Duchamp, Director of the Department of Computer Science. “This preserves users’ security as well as designers’ freedom to innovate.”
Dr. Naumann’s research focuses on enterprise scenarios, in which personnel at a business or government agency use mission-related apps and access enterprise networks. These settings often involve highly sensitive and valuable information that must be protected. As mobile applications become highly interwoven in people’s lives, it is increasingly difficult to restrict their use or ban them altogether. Therefore, tightening app security is essential to preserving security without encumbering workflow and effective communication. These factors provide strong incentives for better evaluation and control of application information flow than are currently available in commodity app marketplaces.
“It is easy to look for known viruses or malware, but much more difficult to determine that a given piece of code will at some point violate a system’s security,” says Dr. Naumann. “Simply observing the behavior of an app is not always enough, because sophisticated malware can disguise its behavior and lay dormant before finally compromising a system’s security.”
In response, Dr. Naumann will employ static analysis, running programs that analyze other programs to detect security flaws. Although fundamental results in computer science research have shown that it is impossible to write a program that can be guaranteed to provide comprehensive information about another program, Dr. Naumann is making innovative strides toward techniques that will overcome these challenges and provide more security than is currently available.
Dr. Naumann’s work will provide software developers with reliable measures to detect design flaws and bugs, malware in third-party software, and unintended functionality. While the project is focused on government agencies and the private sector, the results will indirectly benefit the general population. The average consumer’s personal information is increasingly being compromised, bought and sold, raising the importance of app security for the public.
Interested in learning more and finding out how you can participate in groundbreaking research? Visit our Computer Science Department and check out the offices of Undergraduate and Graduate Admissions to enroll!
Learn more: www.stevens.edu/compsci/