Reasoning about Accidental and Malicious Misuse via Formal Methods
PI(s), Co-PI(s), Researchers:
PI: Munindar Singh; Co-PIs: William Enck, Laurie Williams; Researchers: Hui Guo, Samin Yaseer Mahmud, Md Rayhanur Rahman
HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.
- Policy
This project seeks to aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementations to identify misuses sensitive to usage and machine context.
PUBLICATIONS
None this quarter.
KEY HIGHLIGHTS
- By manually collecting and examining app reviews that describe spying activities carried out with apps, we have determined that app reviews must be considered when identifying apps that can aid spying, either explicitly or through misuse. Based on this understanding, we began developing a computational framework for spotting such apps. The framework first identifies apps that could be misused for spying based on their metadata (e.g., their descriptions and permissions), then collects their reviews, and finally determines their spying capability from user-reported stories.
COMMUNITY ENGAGEMENTS
- None
EDUCATIONAL ADVANCES: