Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, and an IEEE Fellow. Dr. McDaniel is also the program manager and lead scientist for the newly created Cyber-Security Collaborative Research Alliance. Patrick's research efforts centrally focus on network, telecommunications, systems security, language-based security, and technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.
The explosion of smartphones as a vehicle for enterprise and personal computing heightens concerns about security and privacy. Many studies have shown that applications can work against the user's best interests and house new forms of malware. This talk explores the genesis and evolution of efforts in evaluating smartphone application security, and identifies open questions on security in the mobile environment. We explore a broad range of analyses that extract software structures and behaviors from smartphone application bytecode, and describe several studies that identify potential security and privacy concerns. We further discuss the realities of current mobile apps and markets and identify challenges in preventing misuse of smartphone resources and data.