The formidable growth of the cyber-threat landscape today is accompanied by an
imperative need to provide high-assurance software solutions. In the last decade, binary
hardening via In-lined Reference Monitors (IRMs) has been firmly established as a powerful
and versatile technology, providing superior security enforcement for many platforms. IRM
frameworks rewrite untrusted binary code, inserting runtime checks to produce safe,
self-monitoring code; IRMs are equipped with the ability to enforce a rich set of history-based
policies, without requiring access to source code.
In this talk, we present HybridGuard, an IRM framework for hybrid mobile apps. Hybrid mobile
frameworks, such as React Native, Ionic, and PhoneGap, are rapidly becoming the mainstay
technology for developing mobile apps. Here, the developer need only write web code, and the
framework automatically ports it to popular mobile platforms such as Android and iOS. While slick,
quick, and cost-effective, the exposure of sensitive mobile device resources to web content
dramatically increases the attack surface, rendering the apps vulnerable to a slew of dangerous
attacks such as code injection, fracking, cross-site scripting, and tapjacking.
HybridGuard gives developers fine-grained access control and rich policy enforcement over
hybrid mobile apps, protecting against the dangerous vulnerabilities that web code inclusion
brings. We will discuss the research challenges and successes in adapting the IRM technology
to secure this complex, cross-platform mobile space, and probe into its natural extension into
the world of Internet-of-Things.
Dr. Meera Sridhar is an Assistant Professor in the Department of Software and Information
Systems at UNC Charlotte. Her research interests span language-based and systems security,
formal methods, and their application to web, mobile and Internet-of-Things security. Her
research is currently supported by the National Science Foundation (NSF).
Dr. Sridhar received her Bachelor’s and Master’s degrees in Computer Science from Carnegie
Mellon University, and her Ph.D. in Computer Science from The University of Texas at Dallas