Foundations for Resilient App Stores
Professor of Software Safety and Security, University of Edinburgh
App stores are now the dominant model for software distribution. They are incredibly successful, connecting to millions of devices and downloading billions of third-party applications. App stores not only offer apps and media content, they also have near total control on phones, tablets and other devices that connect to them, making them a crucial trust point in many software ecosystems. This trust is eroded as malicious code and other unwanted behaviours appear frequently in downloaded apps, despite efforts to keep app stores safe.
Our research seeks to design new security foundations for app stores and devices they control. I'll describe some recent results, including: (1) a mechansism for mobile app verification providing certification of security; (2) a way of discovering and explaining likely problematic apps; (3) a mechanism for describing and enforcing policies for app stores and devices, using a logic for distributed access control.