Visible to the public Reasoning about Accidental and Malicious Misuse via Formal MethodsConflict Detection Enabled

Submitted by nzahan on Sat, 06/18/2022 - 9:50pm

PI(s), Co-PI(s), Researchers:

PI: Munindar Singh; Co-PIs: William Enck, Laurie Williams; Researchers: Hui Guo, Samin Yaseer Mahmud, Md Rayhanur Rahman, Vaibhav Garg

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

  • Policy

This project seeks to aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementations to identify misuses sensitive to usage and machine context.

PUBLICATIONS

Samin Yaseer Mahmud and William Enck, 2022. A Study of Security Weaknesses in Android Payment Service Provider SDKs, in Proceedings of the Symposium and Bootcamp on the Science of Security (HotSoS) Poster Session.

Sanjana Cheerla, Vignitha Ampally, Vaibhav Garg, Saikath Bhattacharya, Munindar P. Singh, 2022. Identifying Online Misbehavior on the Science of Security (HotSoS) Poster Session.

KEY HIGHLIGHTS

Each effort should submit one or two specific highlights. Each item should include a paragraph or two along with a citation if available. Write as if for the general reader of IEEE S&P.
The purpose of the highlights is to give our immediate sponsors a body of evidence that the funding they are providing (in the framework of the SoS lablet model) is delivering results that "more than justify" the investment they are making.

We engaged with 14 Payment Service Provider (PSP) SDK vendors regarding vulnerabilities we discovered in their SDKs to help them identify specific security weaknesses.

We developed an approach to identify how rogue behavior is potentially made actionable through app reviews. The approach is to classify sentences in app reviews that indicate cooperation for misuses for Intimate Partner Surveillance (IPS). Specifically, this approach seeks to identify when a IPS app reviewer seeks a suggestion, provides a suggestion, or netiher.

COMMUNITY ENGAGEMENTS

None.

EDUCATIONAL ADVANCES:

We involved two female undergraduate students this quarter. They coauthored a HotSoS poster and have continued on the project.

Groups: