Two Trust-based Applications for the Security of Mobile Devices.


In this talk we propose two trust-based applications managing two
typical issues deriving from the use of mobile devices: detection
of repackaged applications and corporate resource access control. 
First, we present a contract-based approach to detect repackaged
Android apps. In the proposed framework, an app contract (in the
form of a probabilistic automaton) is generated dynamically by a
trusted-third party merging execution traces collected and shared
by collaborative users using the app. At run time, a monitoring
system on the device checks the compliance of the app behavior
against the contract through statistical tests.
Second, we present an access control system for corporate assets
in the Bring-Your-Own-Device (BYOD) setting, which aims at
balancing the analysis of the major threats of the BYOD framework
with the analysis of the potential increased opportunities emerging
in such an environment, by combining mechanisms of risk estimation
with trust and threat metrics.


Bio:
----
Alessandro Aldini received the Ph.D. degree in Computer Science
from the University of Bologna in 2002.  He is currently Associate
Professor in Computer Science at the University of Urbino "Carlo Bo",
Italy.
His research interests are focused on the study and application of
automated methodologies for the design and verification of computer
and network systems, with a particular emphasis on the foundations
of security, dependability, and performance analysis.
He has co-authored one book for Springer (A Process Algebraic
Approach to Software Architecture Design), more than 60
peer-reviewed papers published on international journals and
conference proceedings, and guest-edited about a dozen books for
international leading publishers.
He is co-chair of the Foundations of Security Analysis and Design
(FOSAD) series of international summerschools, which has been one
of the foremost events established with the aim of disseminating
knowledge in the critical area of security in computer systems and
networks. 
He is in the steering committee of the International Workshop on
Quantitative Aspects of Programming Languages (QAPL), whose goal
is to discuss the explicit use of quantitative information either
directly in the model specification of computer systems or as a
tool for the analysis of such systems.