Seminar - Dr. David Lie

Wednesday, June 11, 2014 11:00 am - 11:00 am EDT (GMT -04:00)

Speaker

Dr. David Lie

Topic

Using Static Analysis and Machine Learning to Improve the Security and Configuration Management of Systems

Abstract

In this talk, I will describe two systems we have built in my group. The first, called Pscout, enables researchers to analyze the permission system of the Android smartphone OS. The documentation of Android’s permission system is incomplete. Pscout extracts the permission specification from the Android OS source code using static analysis. Having a static analysis tool allows us to perform a longitudinal study across Android versions. In this study we answer several key questions, such as whether there is redundancy in the plethora of Android Permissions, and what the underlying causes for changing application permission requirements are.

I will also discuss some recent work on automatically fixing misconfigurations in desktop applications using a system called Ocasta. Ocasta uses machine learning to detect related configuration setting and performs an automated search of previous configurations to repair a misconfigured system. Ocasta identifies clusters of related settings with 88.6% accuracy and requires 11 minutes on average to fix errors from a corpus of 16 real-world configuration errors on Windows and Linux systems. A user study we performed shows that Ocasta is useful to both expert and non-expert users.

Biography

David Lie received his B.S. from the University of Toronto in 1998, and his M.S. and Ph.D from Stanford University in 2001 and 2004 respectively. He is currently an Associate Professor in the Department of Electrical and Computer Engineering at the University of Toronto and the Canada Research Chair in Secure and Reliable Computer Systems. While at Stanford, David founded and led the XOM (eXecute Only Memory) Processor Project, which supports the execution of tamper and copy-resistant software. He was the recipient of a best paper award at SOSP for this work. David is also a recipient of the MRI Early Researcher Award. David has served on various program committees including OSDI, ASPLOS, Usenix Security and IEEE Security & Privacy. Currently, his interests are focused on securing mobile platforms, cloud computing security and increasing the reliability of software.


Invited by Professor Lin Tan