Mobile devices such as smartphones and Internet tablets have achieved computing and networking capabilities comparable to traditional personal computers. Their successful consumerization has also become a source of pain for adopting users and organizations. For example, the widespread presence of information-stealing applications raises substantial security and privacy concerns. The operating systems supporting these new devices have both advantages and disadvantages with respect to offered security. On one hand, they use application sandboxing to contain exploits and limit privileges given to malware. On the other hand, they collect and organize many forms of security- and privacy-sensitive information simply as a matter of operation, and make that information easily accessible to downloaded third-party applications.

Recognizing smartphone security and privacy as an emerging area, this workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas, and thus to deepen our understanding of various security and privacy issues on smartphones, specifically on platforms such as iOS and Android. Topics of interest include (but are not limited to) the following subject categories:

We also would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop is to act as a venue for creative debate and interaction in security- and privacy-sensitive areas of computing and communication impacted by smartphones.

Organizing Committees

Program Co-chairs

William Enck, North Carolina State University
Xuxian Jiang, North Carolina State University

Technical Program Committee

David Barrera, Carleton University
Songqing Chen, George Mason University
Rajarshi Gupta, Qualcomm Research Silicon Valley
Jaeyeon Jung, Microsoft Research
Zhenkai Liang, National University of Singapore
Patrick McDaniel, Pennsylvania State University
Adrienne Porter Felt, Google
Ahmad-Reza Sadeghi, TU Darmstadt and Intel Research Institute for Secure Computing at TU Darmstadt
Kapil Singh, IBM T.J. Watson Research Center
Patrick Traynor, Georgia Institute of Technology
Glenn Wurster, Research in Motion Limited
Xinwen Zhang, Huawei Research Center

Technical Program

Friday, October 19, 2012

7:30 - 8:30 Breakfast
8:45 - 8:50 Opening Remarks: William Enck (North Carolina State University)
8:50 - 10:00 Keynote, Geir Olsen, Principal Program Manager of the Windows Phone team, Microsoft
Title: Windows Phone 8 Security

Abstract: The Windows Phone security model is designed from the ground up to build upon a decade of Microsoft's experience with digital security. In its first release, it establishes a foundation which supports a core set of promises for consumers & developers, spanning privacy, safety, and profitability. This talk will go deep on the key challenges that the security model tackles, & how its provisions work together in practice to enable trustworthy mobile computing. Along the way, the talk will touch on a variety of upcoming investments in the platform security roadmap for Windows Phone.

Bio: Geir Olsen is a Principal Program Manager in the operating system group on the Windows Phone team. In that role Geir is responsible for the Windows Phone security model. He has worked on security and privacy systems and solutions for the last decade, mostly at Microsoft, but also at other organizations like VISA and Siemens. Geir is passionate about crafting security and privacy solutions that enable users and developers to focus on their core priorities, trusting the platform to keep them and their information safe.

10:00 - 10:15 Morning Break
10:15 - 12:15 Technical Session I: Permissions (15 minute back-to-back talks, 60 minutes discussion)
Session Chair: Jaeyeon Jung (Microsoft Research)
Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications
Jinseong Jeon, Kristopher Micinski (University of Maryland, College Park), Jeffrey Vaughan (Logicblox), Ari Fogel (University of California, Los Angeles), Nikhilesh Reddy (Qualcomm), Jeffrey Foster (University of Maryland, College Park) and Todd Millstein (University of California, Los Angeles)
Short Paper: Rethinking Permissions for Mobile Web Apps: Barriers and the Road Ahead
Chaitrali Amrutkar and Patrick Traynor (Georgia Institute of Technology)
Short Paper: Enhancing Users' Comprehension of Android Permissions
Liu Yang, Nader Boushehrinejadmoradi, Pallab Roy, Vinod Ganapathy and Liviu Iftode (Rutgers University)
Short Paper: Smartphones: Not Smart Enough?
Ian Fischer (University of California, Berkeley), Cynthia Kuo (Nokia Research), Ling Huang (Intel Labs) and Mario Frank (University of California, Berkeley)
12:15 - 1:30 Lunch
1:30 - 3:00 Technical Session II: What Users Want (15 minute back-to-back talks, 45 minutes discussion)
Session Chair: David Barrera (Carleton University)
I've Got 99 Problems, But Vibration Ain't One: A Survey of Smartphone Users' Concerns
Adrienne Felt, Serge Egelman and David Wagner (University of California, Berkeley)
Short Paper: No more blank checks: Enhancing mobile application permissions with runtime feedback and constraints
Jaeyeon Jung (Microsoft), Seungyeop Han and David Wetherall (University of Washington)
Short Paper: Location Privacy: User Behavior in the Field
Drew Fisher, Leah Dorner and David Wagner (University of California, Berkeley)
3:30 - 3:45 Afternoon Break
3:45 - 5:45 Technical Session III: Attacks and Defenses (15 minute back-to-back talks, 60 minutes discussion)
Session Chair: Adrienne Porter Felt (Google)
Fingerprint Attack against Touch-enabled Devices
Yang Zhang (Southeast University, China), Peng Xia (University of Massachusetts Lowell), Junzhou Luo, Zhen Ling (Southeast University, China), Benyuan Liu and Xinwen Fu (University of Massachusetts Lowell)
Reducing Attack Surfaces for Intra-Application Communication in Android
David Kantola, Erika Chin, Warren He and David Wagner (University of California, Berkeley)
Understanding and Improving App Installation Security Mechanisms through Empirical Analysis of Android
David Barrera, Jeremy Clark, Daniel McCarney and Paul van Oorschot (Carleton University)
SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications
Cong Zheng, Shixiong Zhu, Shuaifu Dai (Peking University), Guofei Gu (Texas A&M), Xiaorui Gong and Wei Zou (Peking University)
5:45 - 5:50 Closing Remarks