Research Area: Mobility
Many common app misbehaviors and vulnerabilities are instances of simple information-flow property violations. We are developing information-flow based mechanisms to better control app misbehavior and to allow programmers and end users to better protect their apps' secrets. Our mechanisms use a combination of static analysis (to flag or rule out non-compliant applications without even running them) and run-time enforcement (to protect against apps that can't a priori be classified as clearly harmful or clearly safe).
Outcomes: Designs for safer security architectures for mobile platforms such as Android. Also, since the app-based software deployment model is becoming common on other platforms (e.g., Windows 8, MacOS, web browsers), our research outcomes will also to a large extent be applicable in those contexts.