Computer Science Colloquia

Monday, March 18, 2013
Tianhao Tong
Advisor: David Evans
Attending Faculty: Alfred Weaver (Chair), Jack Davidson, and Marty Humphrey

11:00 AM, Rice Hall, Room 242

Qualifying Exam Presentation
GuarDroid: Guarding Your Password from Untrusted Smartphone Apps


Sensitive online transactions are frequently executed using smartphone clients today. Unlike on a traditional personal computer, where these online transactions are typically executed in a browser, smartphone users tend to install apps for the transactions. These apps use username and password pairs as the primary authentication method and may come from untrusted parties, opening users up to new kinds of phishing that steal users' passwords. In this paper, we present GuarDroid, a system that protects users' passwords from untrusted apps. The key idea is to isolate the passwords from the apps by leveraging the smartphone operating system as a trusted computing base and establishing a trusted path between the user and the OS. Our system does not need to modify existing apps or services, while still providing important protection for users' passwords.