Colloquium - Meera Sridhar

Date: Monday, December 10, 2018 - 3:30pm to 4:30pm
Location: ESB 2001
Title: Runtime Monitors for Hybrid Mobile Apps and Other Stories
Speaker: Dr. Meera Sridhar
Host: Chad Spensky

Abstract

The formidable growth of the cyber-threat landscape today is accompanied by an imperative need for providing high-assurance software solutions. In the last decade, binary hardening via In-lined Reference Monitoring (IRMs) has been firmly established as a powerful and versatile technology, providing superior security enforcement for many platforms. IRM frameworks rewrite untrusted binary code, inserting runtime checks to produce safe, self-monitoring code; IRMs are equipped with the ability to enforce a rich set of history-based policies, without requiring access to source code.

In this talk, we present HybridGuard, an IRM framework for hybrid mobile apps. Hybrid mobile frameworks, such as React Native, Ionic, PhoneGap etc., are rapidly becoming the mainstay technology for developing mobile apps. Here, the developer need only write web code, and the framework automatically ports to popular mobile platforms such as Android, iOS etc. While slick, quick, and cost-effective, the exposure of sensitive mobile device resources to web content dramatically increases the attack surface, rendering the apps vulnerable to a slew of dangerous attacks such as code-injection, fracking, cross-site scripting, tapjacking, amongst others. HybridGuard allows developers fine-grained access control and rich policy enforcement over hybrid mobile apps, protecting against the dangerous vulnerabilities that web code inclusion brings. We will discuss the research challenges and successes on adapting the IRM technology to secure this complex, cross-platform mobile space, and probe into its natural extension into the world of Internet-of-Things.

Bio

Dr. Meera Sridhar is an Assistant Professor in the Department of Software and Information Systems at UNC Charlotte. Her research interests span language-based and systems security, formal methods, and their application to web, mobile and Internet-of-Things security. Her research is currently supported by the National Science Foundation (NSF).

Dr. Sridhar received her Bachelor’s and Master’s degrees in Computer Science from Carnegie Mellon University, and her Ph.D. in Computer Science from The University of Texas at Dallas.

Everyone welcome!