Program

09:00-09:15 Opening address & Speaker Introduction
09:15-10:30 Invited talk
Dr. Tim Finin on "Privacy in Mobile, Collaborative, Context-Aware Systems"
10:30-11:00 Break
11:00-12:30 Research Paper Presentations (30 mins each)
  1. "Anonymous Sensory Data Collection Approach for Mobile Participatory Sensing" - Chih-Jye Wang, Wei-Shinn Ku
  2. "Understanding Users' Requirements for Data Protection in Smartphones" - Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, Konstantin Beznosov
  3. "Authentication of Data on Devices" - Ashish Kundu
12:30-02:00 Lunch break
2:00-02:45 Invited Talk
Angelos Stavrou on "Smart & Mobile Devices in Foreign Wars: Locking Down Linux, Software Apps, and Communications"
Recent advances in the hardware capabilities of mobile hand-held devices have fostered the development of open source operating systems and a wealth of applications for mobile phones and table devices. This new generation of smart devices, including iPhone and Google Android, are powerful enough to accomplish most of the user tasks previously requiring a personal computer. In this talk I will discuss the cyber threats that stem from these new smart device capabilities and the online application markets for mobile devices. These threats include malware, data exfiltration, exploitation through USB, and user and data tracking. I will present the ongoing GMU and NIST efforts to defend against or mitigate the impact of attacks against mobile devices. Our approaches involve analyzing the source code and binaries of mobile applications, hardening the Android Kernel, using Kernel-level network and data encryption, and controlling the communication mechanisms for synchronizing the user contents with computers and other phones. I will also explain the enhanced difficulties in dealing with these security issues when the end-goal is to deploy security-enhanced smart phones into military combat settings. The talk will conclude with a discussion of my current and future research directions and outcomes in.
02:45-03:30 Panel "Managing data on Smart Phones: Enterprises and Beyond"
03:30-04:00 Break
04:00-05:00 Research Papers Presentations
  1. "Reconstructing Spatial Distributions from Anonymized Locations" - James Horey, Stephanie Forrest, Michael Groat (30 mins)
  2. Malicious Android Applications in the Enterprise: What Do They Do and How Do We Fix It? - Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos (15 mins)
  3. "Improved Mobile Device Security through Privacy Risk Assessment and Visualization" - Timothy Wright and Christian Poellabauer (15 mins)
05:00-05:15 Group Discussion
05:15-05:30 Closing Remarks

Call for Papers

There has been a widespread adoption of powerful mobile devices such as smartphones and tablets within the enterprise in the recent past. This widespread adoption of mobile devices raises serious data management challenges around data privacy and security of personal and enterprise data on these devices. The further adoption of mobile devices within the enterprise depends on strong guarantees that the enterprise is still in control of its sensitive data on mobile endpoints in the wild, and no data leakage or unauthorized modifications to the data can happen through these devices. Popular mobile platforms such as Android and iOS allow users to download apps from respective marketplaces, and enterprises can host their own market places to distribute their own apps. However, given the personal nature of these devices, most users run both enterprise as well as personal apps on the same device simultaneously. Since most apps on the public marketplaces are not security certified, and existing platform security solutions are lacking, for example by being coarse grained or being checked only at application install time, it is possible for malicious apps to steal/modify enterprise sensitive information that is resident on these devices. Similarly, given the compact dimensions of mobile devices such as smartphones, users could potentially lose their phones, which carry sensitive data. Furthermore, most devices come packed with an array of sensors and communication capabilities such as GPS, cameras, near field communication (NFC), accelerometers, WiFi and Bluetooth. These myriad on- device sensors generate large amounts of raw sensor data and managing this data to infer high-level events about the user and the end device remains a challenge. Additionally, devices like iPads and Internet tablets are now being increasingly used in a multi-user environment where continuous and secure authentication and authorizations for data access is critical.

In this workshop, we focus on the data management challenges that arise from the use of enterprise and other privacy sensitive data on mobile devices such as smartphones.

Topics of Interest include (but not limited to)

  • Enterprise and Device level Support for handling sensitive data
  • Data transformation of enterprise data on mobile devices
  • Enterprise data storage mechanisms on mobile devices
  • Classification and segregation of personal and enterprise data
  • Regulatory compliance issues of enterprise data on mobile devices
  • Management and control of on-device sensory data
  • Smartphone privacy and security policies
  • Enforcement of enterprise privacy policies on mobile end point devices
  • Run time monitoring of device resource usage and data flows
  • Security audit and Forensics
  • Secure application development
  • Mobile Application Certification and malware detection
  • Secure Identity Management
  • Hardware based security solutions

Important Dates

Manuscripts Due: October 27, 2011 / November 3, 2011 November 14, 2011
Acceptance Notification: December 12, 2011
Camera Ready Deadline: December 19, 2011
Workshop Date: April 5, 2012

Submission Instructions

Authors are invited to submit either Full Research Papers (of up to 8 pages), Position Papers (of up to 4 pages) or Extended Abstracts/Posters (of upto 2 pages) presenting previously unpublished novel work. All submisisons will be peer-reviewed separately in their own categories. Each accepted paper must be presented by one registered author. Please prepare your manuscripts in the IEEE camera-ready format. For formatting instructions, please see LaTeX macro or Word template below


All papers must be submitted by October 27, 2011 / November 3, 2011 November 14, 2011 to the easychair submission site.

Organizing Committee

Palanivel Kodeswaran, IBM Research-India
Shalini Kapoor, IBM Research-India
Lalana Kagal, MIT CSAIL

Program Committee

Sasikanth Avancha, Intel
Dipanjan Chakraborty, IBM Research India
William Enck, North Carolina State University
Partha Dasgupta, Arizona State University
Tim Finin, University of Maryland Baltimore County
Daniel Gatica-Perez, IDIAP
Hoyoung Jeung, Swiss Federal Institute of Technology
Jaeyeon Jung, Microsoft Research Redmond
Salil Kanhere, University of New South Wales
Ponnurangam Kumaraguru, Indraprastha Institute of Information Technology, Delhi
Wenjia Li, Georgia Southern University
Giridhar Mandayam, Qualcomm
Sridhar Muppidi, IBM
Daniela Nicklas, University of Oldenburg
Naohiko Uramoto, IBM Research Tokyo
Filip Perich, Shared Spectrum
Jacob Sorber, Dartmouth
Mathew Wright, University of Texas, Arlington
Nan Zhang, George Washington University

Contact

palani.kodeswaran@in.ibm.com