Runtime Monitors for Hybrid Mobile Apps and Other Stories

  • Date: Tuesday, December 18, 2018
  • Time: 1:00 PM
  • Speaker: Dr. Meera Sridhar, Assistant Professor at UNC Charlotte
  • Location: Galois Inc., 421 SW 6th Ave. Suite 300, Portland, OR, USA (3rd floor of the Commonwealth building)

Galois is pleased to host the following tech talk. These talks are open to the interested public--please join us! (There is no need to pre-register for the talk.)

The presentation will not be live streamed.

Abstract:

The formidable growth of the cyber-threat landscape today is accompanied by an imperative need for high-assurance software solutions. In the last decade, binary hardening via In-lined Reference Monitors (IRMs) has been firmly established as a powerful and versatile technology, providing superior security enforcement for many platforms. IRM frameworks rewrite untrusted binary code, inserting runtime checks to produce safe, self-monitoring code; IRMs can enforce a rich set of history-based policies without requiring access to source code.

In this talk, we present HybridGuard, an IRM framework for hybrid mobile apps. Hybrid mobile frameworks, such as React Native, Ionic, PhoneGap, etc., are rapidly becoming the mainstay technology for developing mobile apps. Here, the developer need only write web code, and the framework automatically ports it to popular mobile platforms such as Android, iOS, etc. While slick, quick, and cost-effective, the exposure of sensitive mobile device resources to web content dramatically increases the attack surface, rendering the apps vulnerable to a slew of dangerous attacks, including code injection, fracking, cross-site scripting, and tapjacking, amongst others.

HybridGuard gives developers fine-grained access control and rich policy enforcement over hybrid mobile apps, protecting against the dangerous vulnerabilities that web code inclusion brings. We will discuss the research challenges and successes in adapting the IRM technology to secure this complex, cross-platform mobile space, and probe into its natural extension into the world of Internet-of-Things.
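
The abstract's idea of an in-lined monitor enforcing a history-based policy, sketched as an added example at the JavaScript level (this is not HybridGuard's code or API, which this announcement does not show). The `bridge` object is a constructed stand-in for device resources exposed to web code, and `noSendAfterRead`, `inlineMonitor` and `makeBridge` are hypothetical names.

```javascript
'use strict';
// Added illustration, not HybridGuard code; all names are hypothetical.

// History-based policy as a security automaton: once contacts have been
// read, any later network send is denied.
function noSendAfterRead() {
  let contactsRead = false;              // security state = relevant history
  return function decide(event) {
    if (event.name === 'readContacts') { contactsRead = true; return true; }
    if (event.name === 'httpSend') return !contactsRead;
    return true;                         // policy-irrelevant events pass
  };
}

// "In-lining": each bridge method is replaced by a guarded wrapper, so the
// check runs inside the app itself, before the real call is made.
function inlineMonitor(bridge, decide, log) {
  for (const name of Object.keys(bridge)) {
    const original = bridge[name];
    if (typeof original !== 'function') continue;
    Object.defineProperty(bridge, name, {
      value: function (...args) {
        const allowed = decide({ name, args });
        log.push({ name, allowed });     // audit trail of every decision
        if (!allowed) throw new Error(`policy violation: ${name}`);
        return original.apply(this, args);
      },
      writable: false,                   // wrapper cannot be reassigned
      configurable: false,               // or redefined by later code
    });
  }
  return bridge;
}

// Constructed stand-in for a device bridge exposed to web content.
function makeBridge(sent) {
  return {
    readContacts() { return ['alice', 'bob']; },
    httpSend(url, body) { sent.push({ url, body }); return 200; },
  };
}

function demo() {
  const sent = [], log = [];
  const bridge = inlineMonitor(makeBridge(sent), noSendAfterRead(), log);
  const results = [bridge.httpSend('https://example.test/ping', 'hi'),
                   bridge.readContacts().length];
  try { results.push(bridge.httpSend('https://example.test/x', 'contacts')); }
  catch (e) { results.push(e.message); }
  return { results, sent, log };
}
console.log(demo().results);
```

The wrappers only mediate calls made through `bridge` after `inlineMonitor` has run, so they must be installed before any untrusted web content executes.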

Bio:

Dr. Meera Sridhar is an Assistant Professor in the Department of Software and Information Systems at UNC Charlotte. Her research interests span language-based and systems security, formal methods, and their application to web, mobile and Internet-of-Things security. Her research is currently supported by the National Science Foundation (NSF). Dr. Sridhar is a member of ACM, ACM-W and WiCyS.

Dr. Sridhar received her Bachelor’s in Computer Science from Carnegie Mellon University in 2002, graduating with University and College Honors. She received her Master’s in Computer Science from Carnegie Mellon University in 2004, and her Ph.D. in Computer Science from The University of Texas at Dallas in 2014. Dr. Sridhar is an International Baccalaureate Diploma holder from the International School Manila, Philippines.