Mobile Security Technologies (MoST) 2013

Thursday, May 23
The Westin St. Francis Hotel, San Francisco

Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. (For full submission details, see the call for papers.)

Previous MoST Workshop:  2012


8:00–9:00 Breakfast
9:00–9:10 Opening Remarks
9:10–10:10 Keynote: Security and Privacy Challenges in Mobile Augmented Reality

Augmented reality (AR) takes natural user input (NUI), such as gestures, voice, and eye gaze, and produces digital visual overlays on top of reality seen by a user. Today, multiple shipping AR applications exist, most notably titles for the Microsoft Kinect and smartphone applications such as Layar, Wikitude, and Junaio. Even heads-up displays, previously restricted to limited military and industrial applications, look set to reach consumers with Google Glass. I will survey research challenges in mobile augmented reality systems. Because these systems work with noisy “natural” inputs, and because they have new output methods, our systems must re-think the input and display abstractions exposed to applications. Because these systems will be continuous, they stress our already serious challenges in mobile systems with privacy for users and bystanders. Finally I will touch on positive security and privacy applications that such systems may enable.

Speaker: David Molnar is a Researcher at Microsoft Research in the Security and Privacy Group led by Helen Wang. He earned his PhD at the University of California, Berkeley in 2009, advised by David Wagner.

10:10–10:30 Break
10:30–12:15 Session 1: Location and Permission (Chair: Ahmad-Reza Sadeghi)

Kristopher Micinski, Philip Phelps and Jeffrey Foster (University of Maryland)
An Empirical Study of Location Truncation on Android (slides)

Kristen Kennedy, Eric Gustafson and Hao Chen (University of California, Davis)
Quantifying the Effects of Removing Permissions from Android Applications

Theodore Book, Adam Pridgen and Dan Wallach (Rice University)
Longitudinal Analysis of Android Ad Library Permissions

Steffen Liebergeld, Matthias Lange and Collin Mulliner (Technische Universität Berlin)
Short Paper: Nomadic Honeypots: A Novel Concept for Smartphone Honeypots

12:15–1:30 Lunch
1:30–3:15 Session 2: Authentication (Chair: Clinton Gibler)

Tianhao Tong and David Evans (University of Virginia)
GuarDroid: A Trusted Path for Password Entry

Ugur Cil and Kemal Bicakci(TOBB University of Economics and Technology)
gridWordX: Design, Implementation, and Usability Evaluation of an Authentication Scheme Supporting Both Desktops and Mobile Devices

Sarah Pidcock and Urs Hengartner (University of Waterloo)
Zerosquare: A Privacy-Friendly Location Hub for Geosocial Applications (slides)

Jung-Sang Ahn and Seungryoul Maeng (KAIST)
Short Paper: Low-Overhead User Data Protection for Smartphones using Plaintext Cache

3:15–3:45 Break
3:45–4:45 Session 3: Privacy and Attacks (Session Chair: Larry Koved)

Lanier Watkins, Cherita Corbett, Benjamin Salazar, Kevin Fairbanks (Johns Hopkins University Applied Physics Lab) and William H. Robinson (Vanderbilt University)
Using Network Traffic to Remotely Identify the Type of Applications Executing on Mobile Devices (slides)

Salvador Mandujano (Intel Corporation)
Privacy in the Mobile Hardware Space: Threats and Design Considerations

4:45– Schmoozing