Annual Computer Security Applications Conference 2015


T5. Program Analysis for Privacy of Mobile Applications

Tuesday, 8 December 2015
08:30 - 12:00

Salon 6B

[This tutorial has been CANCELLED.]

Program analysis has become an essential tool for verifying the correctness of programs before they are deployed to end users’ computers and devices. Detecting security problems in today’s mobile applications by relying on manual code inspection alone is unrealistic. Testing is also limited, because there is usually no guarantee that every execution path of an application is exercised under every possible input, so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives. This course presents both static and dynamic analysis approaches to enforcing the privacy of mobile applications, and includes a hands-on lab that teaches the audience how to use an open-source tool to build a static-analysis solution that verifies the confidentiality of the data managed by the program itself.

Prerequisites: some knowledge of software development (possibly Java).

Outline:

  1. Introduction:
    • Privacy problems in mobile applications
  2. Program Analysis Solutions
    • Static analysis
    • Dynamic analysis
    • Hybrid approaches
  3. Lab
    • Testing
    • Installation and configuration of WALA for mobile
    • Creation of privacy analysis tool based on WALA for mobile

About the Instructor:

Marco Pistoia, Ph.D. has worked for IBM Corporation since January 1996 and is currently a Manager and Research Staff Member at the IBM Thomas J. Watson Research Center in New York, where he manages the Mobile Enterprise Software and Security research group. In January 2010, he was one of 38 IBM employees worldwide to be bestowed the title of IBM Master Inventor. He is the inventor of more than 80 patents and 200 patent applications.

Dr. Pistoia has designed and implemented numerous analysis components and contributed large amounts of code to IBM’s two main products for static quality analysis: IBM Rational Software Analyzer and IBM Security AppScan Source.

Dr. Pistoia has written ten books and published numerous papers and journal articles on various aspects of Program Analysis and Language-Based Security. Most recently, he has published his Ph.D. thesis, and has been the lead author of the books “Enterprise Java Security,” published by Addison-Wesley (and available also in Chinese as a Tsinghua University publication), and “Java 2 Network Security,” published by Prentice Hall PTR. Both these books are used as textbooks in many universities worldwide. He has published and presented at numerous conferences worldwide, including ACSAC, the IEEE Symposium on Security and Privacy, OOPSLA, ECOOP, PLDI, ICSE, ISSTA, FASE and PLAS. He has also been invited to lecture at several research institutions worldwide, including Harvard University, New York University, University of Maryland, Rutgers University, Virginia Tech, Stony Brook University, University of Texas at Austin and Stevens Institute of Technology in the United States, Tohoku University and the National Institute of Informatics in Japan, École Normale Supérieure in France, Dagstuhl School of Informatics and University of Saarland in Germany, Eidgenössische Technische Hochschule (ETH) Zürich in Switzerland, University of Rome in Italy, Tel Aviv University and Ben Gurion University in Israel, University of Porto in Portugal, and Chalmers University of Technology in Sweden. He has been an Adjunct Professor of Computer Science at the Polytechnic Institute of New York University since 2000. He was the General and Program Co-chair of PLAS 2008, and the Program Chair of the ACM Student Research Competition at PLDI 2009. Furthermore, he has served as a Program Committee member for several conferences, including NDSS 2009, ACSAC 2008 and 2009, ICSE 2012, ICST 2012, ISSTA 2011, PLAS 2007, 2009, 2010, 2011, 2012 and 2014, IEEE SSIRI 2009, 2010 and 2011, IEEE SERE 2012, and CISIM 2012, 2013 and 2014.

Dr. Pistoia received his Ph.D. in Mathematics from the New York University Polytechnic School of Engineering in May 2005 with a thesis entitled “A Unified Mathematical Model for Stack- and Role-Based Authorization Systems,” and his Master of Science and Bachelor of Science degrees in Mathematics summa cum laude from the University of Rome, Italy in July 1995, with a thesis entitled “Theory of Reductive Algebraic Groups and Their Representations.” His mathematical interests include lattices and invariant theory. His computer interests include mobile-code security, program analysis and secure language design. Dr. Pistoia has been the recipient of several awards, including two ACM SIGSOFT Distinguished Paper Awards, an IBM Research Pat Goldberg Memorial Best Paper Award (3 papers selected out of 130), an IBM Research Outstanding Technical Achievement Award, two IBM Research Outstanding Innovation Awards, four IBM Research Division Awards, and a European Community Erasmus Fellowship Award. In September 2007, the Italian Ministry of Education, University and Research, the National Committee of the Italian Presidents of Faculties of Sciences and Technologies, and Confindustria, Italy's leading organization representing all the Italian manufacturing and service companies, presented Pistoia as one of the 70 most successful Italian mathematicians who graduated from an Italian university between the years 1980 and 2000. His biography was published in the book “Matematici al Lavoro.”
