4月24日学术报告：Prof. Limin Jia (CMU) - Protect Users' Data with Information Flow Control
Title: Protect Users' Data with Information Flow Control
Abstract: As more and more services are provided over the web and via mobile apps, users' sensitive data such as passwords and credit card numbers are at risk from malicious or buggy mobile phone apps, web scripts, and browser extensions. In this talk, I will explain why the permission systems used on platforms like Android and Chrome are fundamentally unsuited for specifying security policies for the apps and extensions that run on them. I'll show how previous work on information-flow control (IFC) can be adapted to provide a stronger alternative, and describe the IFC systems we've built to achieve this on both Android and Chromium. Finally, I'll discuss the challenges---some that we've overcome and some that we continue to work on---in using IFC in this setting to achieve verifiable protection without sacrificing functionality.
Bio: Limin Jia is an assistant Research Professor in ECE & INI at Carnegie Mellon University. She received her Bachelor's degree in Computer Science and Engineering department at the University of Science and Technology of China. She received her Ph.D. in Computer Science from Princeton University.
Limin's research focuses on formal aspects of security. She is particularly interested in applying logic and language-based security techniques to model and verify security properties of software systems.