Analysis of Software Privacy Leakage
+49 681 302 70971
zeller(Replace this parenthesis with the @ sign)cispa.saarland
Third-party applications, on mobile phones and in Web services, often share private data liberally, in ways the user may be unaware of, and malicious malware communicating critical data to an attacker is a rising problem. This project aims to provide tools that automatically analyze privacy leakage from existing software, putting users in a position to understand how their data is being shared (and, ultimately, put a stop to undesired data sharing). As a key concept towards this end, we introduce privacy patterns, summarizing how applications may access, process, and propagate sensitive data, in a form amenable to further analyses, and communicable to users. Privacy patterns identify sources and sinks of sensitive data, obtained by abstracting over multiple executions, and multiple concrete sources and sinks. Abstracting over multiple related apps will allow us to characterize “normal” behavior and consequently, to detect “abnormal” behavior which users should be alerted to. To tackle third-party, multi-language, binary, distributed, obfuscated, and even adverse software and components like malware, we will couple static and dynamic analysis with novel test generation techniques that are robust and scalable, yet target the flows and patterns of interest.
Role Within the Collaborative Research Center
In the context of this project we are looking for two qualified PhD students with a track record in topics relevant to the project. If you are interested please send a letter of intent together with your short CV to the PIs of the project.