« Back to main Programme

Foundations for Resilient App Stores

David Aspinall

Professor of Software Safety and Security, University of Edinburgh

App stores are now the dominant model for software distribution. They are incredibly successful, connecting to millions of devices and downloading billions of third-party applications. App stores not only offer apps and media content, they also have near total control on phones, tablets and other devices that connect to them, making them a crucial trust point in many software ecosystems. This trust is eroded as malicious code and other unwanted behaviours appear frequently in downloaded apps, despite efforts to keep app stores safe.

Our research seeks to design new security foundations for app stores and devices they control. I'll describe some recent results, including: (1) a mechansism for mobile app verification providing certification of security; (2) a way of discovering and explaining likely problematic apps; (3) a mechanism for describing and enforcing policies for app stores and devices, using a logic for distributed access control.

About David Aspinall

Professor David Aspinall holds a personal chair in Software Safety and Security at University of Edinburgh, in the School of Informatics. He leads the Security and Privacy research group in the School and a cross-discipline Cyber Security & Privacy Research Network in the University. His research interests are in areas of computer security including certified security and proof-carrying code and authentication mechanisms, as well as interactive theorem proving and proof engineering. One of his current projects is App Guarden, investigating secure app store mechanisms, which is part of the UK Cyber Security Research Institute in Automated Program Analysis and Verification. For more, visit David's home page at: http://homepages.inf.ed.ac.uk/da/.

Sponsored by

AdaCore Capgemini Engineering

Supported by

AdaCore
Capgemini Engineering
Ansys
Harmonics
LDRA
RTI
Phixos
Rapita Systems Ltd
SDC Systems
Sysgo
Vector
Wind River
DDC-I
Harmonic Software Systems
TEKTowr
TrustInSoft
SafeCap