SPLASH 2015
  • Mobile security,
    Robert C. Seacord

    Abstract: Research into secure coding practices and automation techniques can be applied to mobile platforms to ensure that developed software on these devices is secure while not compromising other system properties such as performance or reliability. Security on mobile devices has not kept pace with traditional computer security, and mobile phone operating systems are not updated as frequently as those on personal computers. In both the personal computer and mobile platform arenas, current security engineering methods are demonstrably inadequate at identifying software vulnerabilities. These vulnerabilities are caused by software designs and implementations that do not adequately protect systems and by development practices that do not focus sufficiently on eliminating implementation defects that result in security flaws. This has been especially true in the area of mobile platforms, where the number of new vulnerabilities in mobile operating systems is increasing dramatically and mobile malware now presents a tangible threat. An opportunity exists for systematic improvement that can lead to secure mobile software applications and implementations. This keynote will discuss common vulnerabilities and exploits on mobile devices and describe current research into secure coding practices and automation techniques that can be used to detect and remediate these attacks.

    Bio: Robert C. Seacord is the secure coding technical manager in the CERT Division of Carnegie Mellon University's Software Engineering Institute (SEI). The CERT Program is a trusted provider of operationally relevant cybersecurity research and innovative and timely responses to our nation's cybersecurity challenges. The Secure Coding Initiative works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. Robert is also an adjunct professor in the Institute for Software Research and the Information Networking Institute at Carnegie Mellon University. He is the author of eight books, including The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014), Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). He has also published more than 40 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development. Robert has been teaching secure coding in C and C++ to private industry, academia, and government since 2005. He started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert also has worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He represents Carnegie Mellon University (CMU) at the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.