Congratulations Musard Balliu!
On the award for your work on detecting vulnerabilities in Facebook
"Threats from malicious third-party code are real, leading to large-scale misuses of sensitive information, for example, compromising democratic processes like elections.”
Musard Balliu has received an award for his proposal on how to design techniques and tools that enable programmers to automatically detect, evaluate, and visualise violations of security and privacy policies in malicious applications.
We have spoken to Musard Balliu, Associate Professor at The Division of Theoretical Computer Science, about his work on detecting security and privacy violations for Facebook users and his thoughts on why this is so important.
Please tell us about the award and your research that gave you the award.
”In April, Facebook launched a request for proposals in Privacy Enhancing Technologies with the goal of minimising sensitive data exposure, while enabling a range of products and use cases, for example Ads and Messaging. Together with my colleague Marco Guarnieri from IMDEA Software Institute (Spain), we wrote a proposal to design techniques and tools that enable programmers to automatically detect, evaluate, and visualize violations of security and privacy policies in applications that can be malicious or simply buggy.”
”This is a very challenging problem which security researchers, including us at KTH, have been tackling for many years. Therefore, it is exciting to explore how the technology developed in our research labs could be used to enhance privacy for billions of users.”
”This is a very challenging problem which security researchers, including us at KTH, have been tackling for many years. Therefore, it is exciting to explore how the technology developed in our research labs could be used to enhance privacy for billions of users.”
Why is this important?
”Modern applications commonly rely on services and code from different providers, opening up possibilities for attacks. Unfortunately, the use of third-party services and code is no longer optional, as many companies root their business model on cost-free services, as in the case of Facebook and YouTube that are financed by displaying third-party ads. The problem is that these services can be malicious or get compromised, hence it is essential to develop tools that detect security and privacy violations.”
”This award will enable us to collaborate closely with Facebook researchers and validate our findings in the real-world setting, receiving feedback on the advantages and limitations of our technology. We will then use this feedback to do more research and improve our tools, ultimately building a usable system that can uncover vulnerabilities in Facebook's applications.”
What impact can this have on society?
”The breach of personal data of more than 50 million Facebook users by Cambridge Analytica's malicious app provides alarming evidence that threats from malicious third-party code are real, leading to large-scale misuses of sensitive information, for example, compromising democratic processes like elections.”
“In Sweden, the recent ransomware attack on the Coop grocery stores caused severe interruptions in the food supply chain for several days. And the list goes on and on. We believe that by developing and deploying technologies that detect malicious uses of sensitive data will significantly decrease the number of attacks and increase the users' trust in digital technologies.”
The announcement of the award winners
