Rise of the Planet of the Apps: Security and Privacy in the Age of Bad Code

19 Feb
Thursday, 02/19/2015 11:00am to 12:00pm
Seminar

Suman Jana
Stanford University
Computer Science Department

Computer Science Building, Room 151

Faculty Host: Amir Houmansadr

Computing is undergoing a major shift.  Third-party applications hosted in online software markets have become ubiquitous on all kinds of platforms: mobile phones, Web browsers, gaming devices, even household robots.  These applications often include yet more third-party code for advertising, analytics, etc.  These trends have dramatically increased the amount of bad code throughout the software stack - buggy code, malicious code, code that overcollects private information intentionally or by accident, overprivileged code vulnerable to abuse - as well as the amount of sensitive data processed by bad code.

In this talk, I will demonstrate that existing application platforms are ill-suited to dealing with bad code, thus causing security and privacy problems.  I will then show how to isolate bad code without affecting its useful functionality, by redesigning the interfaces across the software stack and controlling the information released to the applications by the platform.  I will also show how automated testing can identify bad code and help developers improve their applications.

A reception will be held at 3:40 in the atrium, outside the presentation room.