CUUG. Calgary UNIX Users Group. Dedicated to Unix & Open Systems

Recent Items from this Page (Past Meetings)

100% Operated by Volunteers. Join Our Ranks!

Last Update: $Date: 2019-02-26 23:26:35-07 $


Join our events mailing list to receive information on CUUG events such as our general meetings, Open House, special guests, etc.

Don't forget to check our other mailing lists too.

March General Meeting

Your Smartphone Apps Are Spying on You

Speaker: Joel Reardon, Assistant Professor, University of Calgary

Joel Reardon

Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources. However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels. Side channels present in the implementation of the permission system allow apps to access the data without permission; whereas covert channels enable communication between two colluding apps so that one app can share its permission-protected data with another app lacking those permissions. Both pose threats to user privacy.

This talk presents research where we make use of our infrastructure that runs hundreds of thousands of apps in an instrumented environment. This testing environment includes mechanisms to monitor apps' runtime behaviour and network traffic. We look for evidence of side and covert channels being used in practice by searching for sensitive data being sent over the network for which the sending app did not have permissions to access it. We then reverse engineer the apps and third-party libraries responsible for this behaviour to determine how the unauthorized access occurred. We also measure the prevalence of the use of the technique in practice across other apps by using software fingerprinting methods.

Prof. Joel Reardon is an assistant professor at the University of Calgary. Prior to starting in Calgary, he did his Master's at the University of Waterloo, doctoral degree at the ETH Zurich, and a post-doctoral year at the UC Berkeley and the International Computer Science Institute (ICSI). His research interests relate to security and privacy including issues for storage and compliance as well as systems to make it easier to use. He also loves mountains, bicycles, and writing poetry.

Place 800

800 - 6 Ave. S.W.
Plus-15 Conference Room

There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.

5:30 PM, Tuesday, March 26, 2019

Snacks at 17:30. Meeting begins at 18:00.

Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.