[liberationtech] Feb. 9 at Stanford -- Ben Livshits: PrePose: Security and Privacy for Gesture-Based Programming

Yosem Companys companys at stanford.edu
Wed Feb 4 19:02:27 PST 2015 

From: David Wu <dwu4 at cs.stanford.edu>

PrePose: Security and Privacy for Gesture-Based Programming

                        Ben Livshits

                  Monday, February 9, 2015
                       Talk at 4:15pm
                         Gates 463

Abstract:

With the rise of sensors such as the Microsoft Kinect, Leap Motion, and hand
motion sensors in phones such as the Samsung Galaxy S5, natural user
interface
(NUI) has become practical. NUI raises two key challenges for the developer:
first, developers must create new code to recognize new gestures, which is
a time consuming process. Second, to recognize these gestures, applications
must have access to depth and video of the user, raising privacy problems.

We address both problems with PrePose, a novel domain-specific language
(DSL)
for easily building gesture recognizers,  combined with a system
architecture
that protects user privacy against untrusted applications by running PrePose
code in a trusted core, and only interacting with applications via gesture
events. PrePose lowers the cost of developing new gesture recognizers by
exposing a range of primitives to developers that can capture many different
gestures. Further, PrePose is designed to enable static analysis using SMT
solvers, allowing the system to check security and privacy properties before
running a gesture recognizer. We demonstrate that PrePose is expressive by
creating novel gesture recognizers for 28 gestures in three representative
domains: physical therapy, tai-chi, and ballet. We further show that
matching
user motions against PrePose gestures is efficient, by measuring on traces
obtained from Microsoft Kinect runs.

We demonstrate that static analysis of PrePose code is efficient, and
investigate how analysis time scales with the complexity of gestures. Our
Z3-based approach scales well in practice: safety checking is under 0.5
seconds per gesture; average validity checking time is only 188 ms; lastly,
for 97% of the cases, the conflict detection time is below 5 seconds, with
only one query taking longer than 15 seconds.

Bio:

Ben Livshits is a  research scientist at Microsoft Research  in Redmond, WA
and  an affiliate professor at  the  University  of  Washington.  Originally
from  St.  Petersburg, Russia, he received a bachelor's degree in Computer
Science and Math from  Cornell University in 1999,  and his M.S. and
Ph.D.  in
Computer  Science from  Stanford University  in 2002  and 2006,
respectively.
Dr. Livshits' research interests include application  of sophisticated
static
and dynamic  analysis techniques to finding errors in programs.

Ben has published papers at PLDI, POPL, Oakland Security, Usenix Security,
CCS, SOSP, ICSE, FSE, and many other venues.  He is known  for his work  in
software reliability and especially tools to improve software security,
with a
primary focus  on approaches to finding buffer overruns in  C programs
and  a
variety  of  security  vulnerabilities (cross-site scripting, SQL
injections,
etc.)  in  Web-based  applications.  He  is  the  author  of  several dozen
academic papers and patents.  Lately, he  has  been  focusing  on topics
ranging from security and privacy to crowdsourcing an augmented reality. Ben
generally does not speak of himself in the third person.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150204/16163b64/attachment.html>

More information about the liberationtech mailing list