Ph.D. Thesis Proposal: Chaitrali Amrutkar

Date:
November 30, 2012 10:00 am - 12:00 pm
Location:
KACB 3126 ("GTISC War Room")

Ph.D. Thesis Proposal Announcement
Title: Towards Secure Web Browsing on Mobile Devices
 
Chaitrali Amrutkar
School of Computer Science
College of Computing
Georgia Institute of Technology

Date: Friday, November 30, 2012
Time: 10:00 am - 12:00 noon EST
Location: KACB 3126 (GTISC war room)

Committee:

  • Dr. Patrick Traynor (Advisor, School of Computer Science, Georgia Tech)
  • Dr. Mustaque Ahamad (School of Computer Science, Georgia Tech)
  • Dr. Wenke Lee (School of Computer Science, Georgia Tech)
  • Dr. Shobha Venkataraman (AT&T Labs - Research)

Summary:
The Web is increasingly being accessed by portable, multi-touch wireless devices. Despite the popularity of platform-specific (native) mobile apps, a recent study of smartphone usage shows that more people (81%) browse the Web than use native apps (68%) on their phone. Moreover, many popular native applications such as Facebook depend on browser-like components (e.g., Webview) for their functionality. The popularity and prevalence of web browsers on modern mobile phones represent a major vulnerability that can be exploited by existing and emerging threats. Although a range of studies have focused on the security of native apps on mobile devices, efforts in characterizing the security of web transactions originating at mobile browsers are limited.

This thesis proposal presents three main contributions:

First, we show that porting browsers to mobile platforms leads to new vulnerabilities not previously observed in desktop browsers. The solutions to these vulnerabilities require careful balancing between usability and security and might not always be equivalent to those in desktop browsers. Second, we empirically demonstrate that the combination of reduced screen space and an independent selection of security indicators not only makes it difficult for experts to determine the security standing of mobile browsers, but actually makes mobile browsing more dangerous for average users, as the indicators provide a false sense of security. Finally, we propose a mechanism that presents a holistic view of the permissions required by a mobile web app and provides a simple, single-stop permission management process. This thesis proposal will present details of the completed research (first and second contributions) and also provide a brief overview of the ongoing research (third contribution).