Philipp von Styp-Rekowsky


Research Assistant & PhD Student

I am a research assistant and PhD student at the Information Security and Cryptography Group at Saarland University.

My research focus is mobile security, specifically Android, with a strong emphasis on solutions that can be deployed at the application layer. Topics and techniques include inline reference monitoring, static and dynamic program analysis, program instrumentation and virtualization. My advisor is Michael Backes.

Projects

Boxify


We present the first concept for full-fledged app sandboxing on stock Android. Our approach is based on application virtualization and process-based privilege separation to securely encapsulate untrusted apps in an isolated environment. In contrast to all related work on stock Android, we eliminate the necessity to modify the code of monitored apps, and thereby overcome existing legal concerns and deployment problems that rewriting-based approaches have been facing. We realize our concept as a regular Android app called Boxify that can be deployed without firmware modifications or root privileges. A systematic evaluation of Boxify demonstrates its capability to enforce established security policies without incurring a significant runtime performance overhead.


More information about Boxify can be found at the project website.

AppGuard


AppGuard enhances Android's permission system by allowing users to configure and enforce fine-grained security and privacy policies on arbitrary third-party applications. The system is designed for deployment as a regular Android app and does not require root privileges or the like. AppGuard not only allows dynamic revocation of existing permissions but also supports complex security policies, such as restricting Internet access to certain hosts or enforcing the usage of HTTPS over HTTP. AppGuard is based on inline reference monitoring and integrates the security monitor directly into single applications. The first version of AppGuard followed a pure caller-site rewriting approach that merged our security checks into the actual application code, whereas the newest approach moved to a hybrid caller-site/callee-site rewriting technique: we change function pointers directly in memory to redirect function calls to our security monitor. Our experiments have proven the practicality of AppGuard, which incurs only negligible space and runtime overhead. AppGuard has already been downloaded by more than 1,000,000 users.


More information about AppGuard can be found at www.srt-appguard.com.

Android Security Framework


Android Security Framework (ASF) is a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in the form of code-based security modules. The design of ASF reflects lessons learned from the literature on established security frameworks (such as Linux Security Modules or the BSD MAC Framework) and intertwines them with the particular requirements and challenges from the design of Android’s software stack. ASF provides a novel security API that supports authors of Android security extensions in developing their modules. This overcomes the current unsatisfactory situation of providing security solutions as separate patches to the Android software stack or embedding them into Android’s mainline codebase. As a result, ASF provides different practical benefits such as a higher degree of acceptance, adaptation, and maintenance of security solutions than previously possible on Android. We present a prototypical implementation of ASF and demonstrate its effectiveness and efficiency by modularizing different security models from related work, such as context-aware access control, inlined reference monitoring, and type enforcement.


More information about ASF can be found at the project website.

Publications

Conferences and Workshops

Boxify: Full-fledged App Sandboxing for Stock Android

Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky

24th USENIX Security Symposium (SEC'15), 2015

Poster: Full-fledged App Sandboxing for Stock Android

Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, Philipp von Styp-Rekowsky

36th IEEE Symposium on Security & Privacy (S&P'15), 2015

Android Security Framework: Extensible Multi-Layered Access Control on Android

Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky

30th Annual Computer Security Applications Conference (ACSAC'14), 2014

AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky

8th International Workshop on Data Privacy Management (DPM'13), 2013

AppGuard – Enforcing User Requirements on Android Apps

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky

19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'13), 2013

Callee-site Rewriting of Sealed System Libraries

Philipp von Styp-Rekowsky, Sebastian Gerling, Michael Backes, Christian Hammer

5th International Symposium on Engineering Secure Software and Systems (ESSoS'13), 2013

Journals and Technical Reports

Android Security Framework: Enabling Generic and Extensible Access Control on Android

Michael Backes, Sven Bugiel, Sebastian Gerling, Philipp von Styp-Rekowsky

Technical report A/01/2014, Saarland University, 2014

AppGuard – Fine-grained Policy Enforcement for Untrusted Android Applications

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky

Technical Report A/02/2013, Saarland University, 2013

Gezielte Vergabe von App-Rechten in Android - Smartphones für den Arbeitsalltag sichern

Michael Backes, Sebastian Gerling, Philipp von Styp-Rekowsky

In IT-Sicherheit, Issue 1/2013

AppGuard – Real-time policy enforcement for third-party applications

Michael Backes, Sebastian Gerling, Christian Hammer, Matteo Maffei, Philipp von Styp-Rekowsky

Technical Report A/02/2012, Saarland University, 2012

Awards

5th German IT Security Award

3rd place with the project SRT AppGuard: Permission Management for Android

Together with Michael Backes and Sven Obser

Awarded by the Horst Görtz Stiftung in October 2014

Saarland Award for Outstanding University Education

For the Proseminar Hacking held in Summer 2014 at the Computer Science Department of Saarland University

Together with Prof. Michael Backes, Prof. Christoph Sorge, Sven Bugiel, Stefan Nürnberger, Frederik Möllers

Awarded by the State of Saarland in March 2015

Education

Since 2011

PhD Student

from 2011 to present day

Saarland University

I am a member of the Information Security and Cryptography Group. My advisor is Michael Backes.

2011

M.Sc. in Computer Science

from 2008 to 2011

Saarland University

Thesis title: “Towards Time-Adaptive Feature Design in Music Signal Processing”. Advisor: Prof. Dr. Meinard Müller (Cluster of Excellence for Multimodal Computing and Interaction). Modules included: Software Engineering, Security, Operating Systems, Artificial Intelligence, Computer Vision.

2008

B.Sc. in Computer Science

from 2005 to 2008

Saarland University

Thesis title: “Analysis of User Interactions with Intelligent Tutoring Systems for Meta-Cognitive Support of Learners”. Advisor: PD Erica Melis (German Research Institute for Artificial Intelligence). Modules included: Data Networking, Cryptography, Information Retrieval and Data Mining, Machine Learning.

2004

Abitur

from 1995 to 2004

Marienschule Saarbrücken

A-Levels: Math, Physics, English. Award for outstanding performance in Physics and Computer Science.

Work Experience

since 2012

Backes SRT GmbH

from 2011 to present day

Chief Technical Officer

Research and development of security and privacy-enhancing apps for Android. Design and implementation of custom forensics tools for government agencies. Penetration testing and security consulting. Chief Executive Officer from 2012 to 2013.


2007 - 2011

Softgarden GmbH

from 2007 to 2011

Software Engineer

Design and implementation of reusable software components and frameworks for an enterprise-level Human Resources Management System. Requirements engineering, specification, conceptual design and development of new software products and features.


2004 - 2006

Media Soma GbR

from 2004 to 2006

Web Developer

Designed and implemented a modular, web-based Content Management System for users with disabilities.

2000 - 2003

Plan Software GmbH

from 2000 to 2003

Summer Intern

Participated in the development of intelligent product configuration software, developed in-house tools and created the company website. Several summer internships totalling approx. 7 months of work.


Contact Information

Postal Address
Saarland University
Campus E1 1
Room 2.16
66123 Saarbrücken
Email
styp-rekowsky@cs.uni-saarland.de
Phone
+49 681 302 57368