Bianchi and Celik’s research team win ASPIRE Award
Assistant Professors Antonio Bianchi and Z. Berkay Celik
Assistant Professors Antonio Bianchi, Z. Berkay Celik, and their research group in the PurSecLab have won the 2022 Android Security and PrIvacy REsearch (ASPIRE) Award.
The research team won the ASPIRE award for their work on improving the security and usability of the Wear OS permission model.
Google’s Wear OS is a version of Android’s operating system specifically designed to manage wearable devices, such as smartwatches and other wearables. Normally, Wear OS apps have the ability to access potentially-sensitive information, such as the device’s location and is controlled by a permission system. Specifically, users are asked at run-time whether they want to allow a Wear OS app to access a specific piece of sensitive information. Through permissions, Android allows the user to select whether to allow or deny sensitive information access to the app.
However, with potentially confusing permissions windows popping up in a dialog box, it’s possible for the user to inadvertently choose options that send location data to the Wear OS app. This reveals three fundamental issues; poor usability, poor user understanding, and unclear security.
The researchers plan to perform what would be the first systematic analysis of the interaction of the Android/Wear OS permission models.
As the market increases for wearable devices using Wear OS app (running on a smartwatch) and its companion Android counterpart (running on a smartphone), the interaction between them poses peculiar challenges for users regarding permissions," said Celik. He added, “The potentially-unwanted information exchange between wearable devices and the phone is problematic, yet has great potential to be solved.”
"The convenience and constant connectivity of wearable Android devices comes with a hidden cost: potential privacy violations,” said Bianchi. He added, “These privacy issues could compromise sensitive information and undermine users’ trust in their devices.”
In 2021, the same team of Bianchi and Celik won an ASPIRE award for their work on improving usability of Android APIs for conformity of standard security practices. They published a paper based on those findings, SARA: Secure Android Remote Authorization at USENIX 2022.
Both Bianchi and Celik are members of the PurSec Lab at Purdue University. Fellow lab members are also part of this project; Habiba Farrukh (lead graduate student), Doguhan Yeke, Muhammad Ibrahim, Abdullah Imran, Zeyu Lei, and undergraduate student, Beatrice Williem.
Google launched its ASPIRE program in 2018 to encourage the development of new security and privacy tools in the fight to deter the hacking of vulnerable devices.
Berkay Celik is an Assistant Professor of Computer Science at Purdue University, where he is the co-director of the PurSec laboratory and member of CERIAS. His research investigates the design and evaluation of security for software and systems, specifically on emerging computing platforms and the complex (physical) environments in which they operate. Through systems design, program analysis, and formal methods, his research seeks to improve security and privacy guarantees in commodity computer systems. His research approach is best illustrated by his extensive work in the security and privacy of the Internet of Things (IoT) systems, robotic vehicles, automotive, and autonomous systems. He has received the National Science Foundation CAREER Award in 2021. He regularly serves on program committees for top conferences in security, such as IEEE Security and Privacy, USENIX Security, ACM CCS, and NDSS. His research has been sponsored by NSF, Office of Naval Research, Sandia National Laboratories, Rolls-Royce, and Cisco.
Antonio Bianchi is an assistant professor at the Department of Computer Science at Purdue University. His expertise is in the analysis of vulnerabilities in mobile applications, IoT devices, and binary programs, and in the development of vulnerability mitigation techniques. In this area, he developed novel dynamic and static analysis techniques to detect specific vulnerabilities in mobile applications and IoT devices. In the field of mobile security, he recently focused his interest on the usage of modern hardware features (e.g., fingerprint reader sensor, Secure UI) to improve the security and the usability of novel authorization and authentication systems. Bianchi received his PhD degree in computer science from University of California at Santa Barbara.
About the Department of Computer Science at Purdue University
Founded in 1962, the Department of Computer Science was created to be an innovative base of knowledge in the emerging field of computing as the first degree-awarding program in the United States. The department continues to advance the computer science industry through research. US News & Reports ranks Purdue CS #20 and #16 overall in graduate and undergraduate programs respectively, seventh in cybersecurity, 10th in software engineering, 13th in programming languages, data analytics, and computer systems, and 19th in artificial intelligence. Graduates of the program are able to solve complex and challenging problems in many fields. Our consistent success in an ever-changing landscape is reflected in the record undergraduate enrollment, increased faculty hiring, innovative research projects, and the creation of new academic programs. The increasing centrality of computer science in academic disciplines and society, and new research activities - centered around data science, artificial intelligence, programming languages, theoretical computer science, machine learning, and cybersecurity - are the future focus of the department. cs.purdue.edu
Writer: Emily Kinsell, firstname.lastname@example.org
Sources: Antonio Bianchi, email@example.com
Berkay Celik, firstname.lastname@example.org