Rise of the Planet of the Apps: Security and Privacy in the Age of Bad Code

Computing is undergoing a major shift. Third-party applications hosted in
online software markets have become ubiquitous on all kinds of platforms:
mobile phones, Web browsers, gaming devices, even household robots. These
applications often include yet more third-party code for advertising,
analytics, etc. These trends have dramatically increased the amount
of bad code throughout the software stack – buggy code, malicious code,
code that overcollects private information intentionally or by accident,
overprivileged code vulnerable to abuse – as well as the amount of
sensitive data processed by bad code.

In this talk, I will demonstrate that existing application platforms are
ill-suited to dealing with bad code, thus causing security and privacy
problems. I will then show how to isolate bad code without affecting its
useful functionality, by redesigning the interfaces across the software
stack and controlling the information released to the applications by
the platform. I will also show how automated testing can identify bad
code and help developers improve their applications.
Suman Jana is a postdoctoral researcher at Stanford University.
He earned his PhD in 2014 from the University of Texas, where he was
supported by the Google PhD Fellowship. He is broadly interested in
identifying fundamental flaws in existing systems and building new systems
with strong security and privacy guarantees. Suman received the 2014
PET Award for Outstanding Research in Privacy-Enhancing Technologies,
Best Practical Paper Award from the 2014 IEEE Symposium on Security and
Privacy (Oakland), Best Student Paper Award from the 2012 IEEE Symposium
on Security and Privacy, and the 2012 Best Applied Security Paper Award.
Suman's research has been widely covered in popular media, and his code
has been deployed at Google, Mozilla, and Apache.