Modern internet applications are complex software artifacts, hosted on multiple infrastructures that rely on one another to provide proper functionality. On the one hand, due to the prohibitive size of the codebase and the constant interactions among the components, program verification is not a viable solution for testing the properties of such applications. On the other hand, guaranteeing compliance with specifications becomes even more challenging when we include stringent requirements such as confidentiality, data minimization, or accountability. Finally, commercial implementations are known for deviating from standards, opting for proprietary software whose behavior is rarely documented.
In this talk, I will show how data-driven approaches can help us bridge this gap by developing scalable solutions to monitor the internals of internet applications and assess the risks for end-users and service owners. To this end, I will present three recent works where data-driven techniques helped us to uncover dependencies among different organizations and gather real-world evidence on how the collected data gets handled. I will first introduce and examine the emerging ecosystem of dedicated IoT backends, where specialized companies provide gateway infrastructures for IoT devices.
As a second example, I will present an automated system created to assess how and where a given website is hosted. Finally, I will conclude the talk with a large-scale study performed using a framework we developed to uncover the privacy risks citizens face when accessing governmental websites.
Srdjan received his Ph.D. in 2017 from the Università degli Studi di Milano. During his Ph.D., he investigated new techniques for recovering sensitive information from hidden servers in anonymity networks. From 2018 to 2020, he was a postdoctoral researcher at University College London and the Technische Universität Berlin, studying Internet privacy and abuses in the IoT ecosystem. In 2021, he spent six months as a postdoctoral researcher at IMDEA Networks before joining the IMDEA Software Institute.
This event will be conducted in English.