Yanick Fratantonio
Ph.D. Candidate
Department of Computer Science
University of California, Santa Barbara

"Program Analysis to Secure the Mobile Ecosystem"

Thursday, February 9, 4:00 PM
Packard Lab room 466

Abstract:   The official Google and Apple stores currently host millions of mobile apps, which are used by billions of users. In an ideal world, these users should be able to fully trust their devices and apps, and apps developers would focus on developing core features and functionality, without being concerned about introducing security vulnerabilities. During my talk, I will first provide an overview of my research, which aims at bridging the gap between this ideal world and the world we currently live in, where sophisticated malware and vulnerabilities in benign apps pose severe security risks. I will then present “trigger analysis,” a novel program analysis technique to identify logic bombs, malicious functionality that is triggered only when certain (often narrow) conditions are satisfied. I will also argue that mobile apps need to be analyzed within the context of their execution environment, and cannot be analyzed in isolation. In particular, I will show how the event-driven nature of mobile apps introduces implicit control flow transitions that malicious apps can (ab)use to evade current analysis systems, and I will then present a novel technique to tackle this problematic aspect. Finally, I will share my future interests in addressing unexplored areas of mobile security, Internet of Things, and code complexity analysis to detect and prevent denial-of-service attacks.

Bio:   Yanick Fratantonio is a Ph.D. candidate in Computer Science at University of California, Santa Barbara, advised by Giovanni Vigna and Christopher Kruegel. His research focuses on mobile systems security and privacy. In particular, his work aims at developing novel program analysis tools and techniques to keep users of mobile devices safe, and it spans different areas of mobile security, such as malware detection, vulnerability analysis, characterization of emerging threats, and the development of novel practical protection mechanisms. He was awarded the 2015 Outstanding Student Award in Computer Science at UC Santa Barbara. He earned his M.S. and B.S. at University of Illinois at Chicago and Polytechnic University of Milan.

© 2014-2016 Computer Science and Engineering, P.C. Rossin College of Engineering & Applied Science, Lehigh University, Bethlehem PA 18015.