Speaker: Heiko Mantel
To what extent do you entrust secrets to applications?
Do you trust your applications to keep such secrets?
What are the criteria for an application to deserve your trust and how can you enforce them?
In this talk, I will advertise a property-centric approach to software security. Property-centric security complements the mechanism-centric security tradition by providing precise criteria for satisfactory IT security and reliable analysis techniques for certifying that these criteria are met. I will illustrate this approach with Cassandra, our framework for certifying information flow security of Android applications. Cassandra is a prototypical app store that supports the certification of user-defined security policies. Based on a static information-flow analysis, Cassandra informs a user about the leaks of private data that running an app might cause, so that the user can make an informed decision whether to install the app or not. I will conclude with a discussion of selected research challenges.
Heiko Mantel has been a professor of Computer Science at TU Darmstadt since 2007. Previously, he was an assistant professor of Computer Science at RWTH Aachen, held a post-doc position at ETH Zurich, and was a researcher at the DFKI in Saarbrücken. In 2003, he received his Ph.D. from Saarland University. His research focuses on foundations of software security, on methods that facilitate the development and certification of security-critical software, and on tools that support these methods. His overall goal is to make security-critical software systems more trustworthy.
Heiko Mantel spent extended research stays at Chalmers University of Technology, at Cornell University, and at Harvard University. He is a principal investigator of the Center for Advanced Security Darmstadt (CASED), the European Center for Security and Privacy by Design (EC-SPRIDE), and the DFG collaborative research center CROSSING. Since 2010, Heiko Mantel has been the coordinator of the DFG priority program Reliably Secure Software Systems.