Bianchi and Celik win 2021 ASPIRE Award
Assistant Professors Antonio Bianchi and Berkay Celik and their research group in the PurSecLab have won the 2021 Android Security and PrIvacy REsearch (ASPIRE) Award for their work on improving the usability of Android APIs for conformity with standard security practices.
ASPIRE was launched in 2018. According to the Google Security Blog: “ASPIRE’s goal is encouraging the development of new security and privacy technology that impacts the Android ecosystem in the next two to five years, but isn’t planned for mainline Android development. This timeframe extends beyond the next annual Android release to allow adequate time to analyze, develop, and stabilize research into features before including in the platform.”
Modern Android mobile devices are often used for security-sensitive tasks and the Android platform offers several features that can be used to ensure these tasks are performed securely. These features range from allowing remote servers to attest a device’s state to determining what content a user has access to.
The common aspect of these security features is that they all require a verification procedure that, to be securely implemented, must happen “remotely” (i.e., on a remote server). The researchers identified two main issues that hinder the correct usage of the APIs offering remote attestation features. First, using these APIs requires coordination with a remote server in order to implement a part of the verification protocol. Second, in implementing such protocols, developers should assume that an app’s code has been modified or that the app is running on an untrusted or compromised device.
The primary investigators will focus on three interconnected and parallel research thrusts. They will explore the reasons that prevent developers from using the Android security features and how the features can be misused. They will also create modifications to the Android platform to make Android's APIs easier for developers to use. Additionally, they will develop server-side components to help developers correctly perform remote attestation on their own servers or use trusted Google-owned endpoints to verify such security properties.
Professor Celik is an assistant professor in the Department of Computer Science at Purdue University. He earned his PhD in computer science and engineering from the Pennsylvania State University in 2014. His advisor was Patrick McDaniel. His research investigates the design and evaluation of security for software and systems, specifically on emerging computing platforms and the complex environments in which they operate. Through systems design and program analysis, his research seeks to improve security and privacy guarantees in commodity computer systems. He has extensive experience in deploying open-source tools, developing test suites, and providing the research community with models for cyber resiliency and cyber operations.
Professor Bianchi received his PhD degree in computer science from the University of California at Santa Barbara, and he is currently an assistant professor at Purdue University’s Department of Computer Science. His expertise is in the analysis of vulnerabilities in mobile applications, IoT devices, and binary programs, and in the development of vulnerability mitigation techniques. In this area, he developed novel dynamic and static analysis techniques to detect specific vulnerabilities in mobile applications and IoT devices. In the field of mobile security, he recently focused his interest on the usage of modern hardware features (e.g., fingerprint reader sensor, Secure UI, ...) to improve the security and the usability of novel authorization and authentication systems.
The PurSec Lab at Purdue University is a group of researchers focusing on system security research. Graduate students Habiba Farrukh, Abdullah Imran, Muhammad Ibrahim and Lei Zeyu are part of the winning research team.