Workshop Program

MoST 2012: Mobile Security Technologies 2012

May 24, 2012
Westin St. Francis hotel, San Francisco, CA

Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. (For full submission details, see the call for papers.)

Registration: Online registration. Workshop registration will also be available on-site.


7:30–8:30 Continental Breakfast
8:45–9:00 Opening Remarks
9:00–10:00 Keynote: Spies in our pockets? Lessons from the Carrier IQ scandal about privacy and transparency on contemporary cellular networks. (Slides)

Carrier IQ is a data collection platform that wireless carriers and mobile handset manufactuers use to obtain data about network conditions, and the way their customers use their phones/pocket computers. Carrier IQ became extremely controversial in 2011, when researchers noticed that deployments of the software were observing and in some cases uploading a wide range of sensitive personal information on people's phones. This talk will discuss the complex architecture and variants of the Carrier IQ stack, and some of the lessons from the Carrier IQ scandal about privacy and transparency in the world of cellular networks.

Speaker: Peter Eckersley is Technology Projects Director at the Electronic Frontier Foundation, a San Francisco based digital civil liberties organization. He does technical and policy work on a wide range of issues, including privacy, security, network neutrality, copyright and innovation. Projects he has led at EFF include HTTPS Everywhere, Panopticlick, the SSL Observatory, Switzerland, and Surveillance Self-Defense International.

10:00–10:30 Break
10:30–12:00 Session 1 (Joint with W2SP): Mobile Web
Chair: Larry Koved

Michael Hackett and Kirstie Hawkey (Dalhousie University)
Security, Privacy and Usability Requirements for Federated Identity

Kapil Singh (IBM T.J. Watson Research Center)
Can Mobile learn from the Web? (Short Paper)

Jenna Kallaher, Amal Krishnan, Paul Makowski, Eric Yawei Chen, and Collin Jackson (Carnegie Mellon University)
Cruel Intentions: A Security Analysis of Web Intents (Short Paper)

Markus Jakobsson (Extricatus LLC), Sebastien Taveau (Validity Inc)
The Case for Replacing Passwords with Biometrics (Short Paper) (slides)

12:00–13:00 Lunch
13:00–15:00 Session 2: Application Security and Privacy
Chair: Adrienne Porter Felt

Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, Hao Chen (UC Davis)
Investigating User Privacy in Android Ad Libraries (slides)

Jinyung Kim, Yongho Yoon, Kwangkeun Yi (Seoul National University)
ScanDal: Static Analyzer for Detecting Privacy Leaks in Android Applications (slides)

Gökhan Bal(Goethe University)
Revealing Privacy-Impacting Behavior Patterns of Smartphone Applications (Short Paper) (slides)

Karim O. Elish, Danfeng Yao, Barbara G. Ryder (Virginia Tech)
User-Centric Dependence Analysis For Identifying Malicious Mobile Apps (Short Paper) (slides)

Benjamin Davis, Ben Sanders, Armen Khodaverdian, Hao Chen (UC Davis)
I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications (Short Paper) (slides)

Gary Kenworthy, Pankaj Rohatgi (Cryptography Research Inc)
Mobile Device Security: The case for side channel resistance (Short Paper) (slides)

15:00–15:30 Break
15:30–16:30 Session 3: Mobile Markets and More
Chair: Dan Wallach

David Barrera, William Enck, Paul C. van Oorschot (Carleton University, NC State University)
Meteor: Distributed Security for Platforms with Multiple App Markets (Short Paper) (slides)

Devdatta Akhawe, Matthew Finifter (UC Berkeley)
Product Labels for Mobile Application Markets (Short Paper) (slides)

David Weinstein (MITRE Corp)
A Security Hygienic Smart Charger for Mobile Devices (Short Paper) (slides)

Markus Jakobsson, Ruj Akavipat (PayPal, Mahidol University)
Rethinking Passwords to Adapt to Constrained Keyboards (Short Paper) (slides)

16:30–17:00 Open discussions and future directions