Science of Secure Frameworks (CMU/Wayne State University/George Mason University Collaborative Proposal) - April 2017

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): David Garlan (CMU), Jonathan Aldrich (CMU)
Researchers: Marwan Abi Antoun (Wayne State University), Sam Malek (University of California, Irvine), Joshua Sunshine (CMU), Bradley Schmerl (CMU)

1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.

By leveraging approaches to software architecture we will be able to better understand the security implications of frameworks used to build many of today's mobile software systems. This will allow us and provide tools and techniques for building more scalable and composable frameworks that have security assurances that can be verified statically, can be used for building self-securing resllient systems, and that ultimately reduce security vulnerabilities in frameworks and applications based on them in practice.

2) PUBLICATIONS

• DELDroid: Determination and Enforcement of Least-Privilege Architecture in Android. Mahmoud Hammad, Hamid Bagheri, and Sam Malek. IEEE International Conference on Software Architecture (ICSA 2017), Gothenburg, Sweden, April 2017.

3) KEY HIGHLIGHTS

we have developed DELDROID, an automated system for determination of least privilege architecture in Android and its enforcement at runtime. A key contribution of our approach is the ability to limit the privileges granted to apps without the need to modify them. DELDROID utilizes static program analysis techniques to extract the exact privileges each component needs for providing its functionality.

4) COMMUNITY ENGAGEMENT

5) EDUCATIONAL ADVANCES