Rise of the Planet of the Apps: Security and Privacy in the Age of Bad Code

Computing is undergoing a major shift.  Third-party applications hosted in online software markets have become ubiquitous on all kinds of platforms: mobile phones, Web browsers, gaming devices, even household robots.  These applications often include yet more third-party code for advertising, analytics, etc.  These trends have dramatically increased the amount of bad code throughout the software stack - buggy code, malicious code, code that overcollects private information intentionally or by accident, overprivileged code vulnerable to abuse - as well as the amount of sensitive data processed by bad code.

In this talk, I will demonstrate that existing application platforms are ill-suited to dealing with bad code, thus causing security and privacy problems.  I will then show how to isolate bad code without affecting its useful functionality, by redesigning the interfaces across the software stack and controlling the information released to the applications by the platform.  I will also show how automated testing can identify bad code and help developers improve their applications. 

Suman Jana is a postdoctoral researcher at Stanford University. He earned his PhD in 2014 from the University of Texas, where he was supported by the Google PhD Fellowship.  He is broadly interested in identifying fundamental flaws in existing systems and building new systems with strong security and privacy guarantees.  Suman received the 2014 PET Award for Outstanding Research in Privacy-Enhancing Technologies, Best Practical Paper Award from the 2014 IEEE Symposium on Security and Privacy (Oakland), Best Student Paper Award from the 2012 IEEE Symposium on Security and Privacy, and the 2012 Best Applied Security Paper Award. Suman's research has been widely covered in popular media, and his code has been deployed at Google, Mozilla, and Apache.