Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

TC Ma,SP Li

DOI: https://doi.org/10.1109/clustr.2003.1253356

2003-01-01

Cluster Computing

Abstract:In this paper, an instance-oriented security mechanism is proposed, to attack possible security threats in grid-based mobile agent system. The proposed delegation profile allows application systems to define their own security instances, while it provides mechanisms to delegate one's identity on those instances, instead of on certain hosts, just like the conventional delegation does. This can prevent the delegated host from abusing privileges. By adopting the new delegation profile kernel, a new trust framework is then proposed to enhance the security verification ability and provide more fine-grained authorization to mobile agent platforms.

Marco Pistoia

DOI: https://doi.org/10.1145/2810103.2812703

2015-10-12

Abstract:Program analysis has become an essential tool to verify the correctness of programs before these are deployed to end users' computers and devices. Detecting security problems in today's mobile applications by just relying on manual code inspection is unrealistic. Testing is also limited because there is often no guarantee that all the possible paths of execution of an application are tested under all the possible inputs, and so false negatives may arise. Static analysis is a very promising solution but suffers from the dual problem of false positives. A combination of static and dynamic analysis mitigates the disadvantages that arise when static and dynamic analysis are executed individually and is, therefore, the recommended solution to detect and correct application-level cyber security attacks in mobile applications. This tutorial presents both static and dynamic analysis approaches to enforce privacy of mobile applications, and includes a hands-on lab that teaches the audience how to use create a static-analysis solution that verifies the integrity and confidentiality of the data managed by the program itself.

Lian Yu,Jun Zhou,Yue Yi,Jianchu Fan,Qianxiang Wang

DOI: https://doi.org/10.1109/qsic.2009.10

2009-01-01

Abstract:Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.

LUO Xiao-Guang,WANG Sheng-Yuan,DONG Yuan,ZHANG Su-Qin

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.02.070

2007-01-01

Computer Science

Abstract:Using certifying compiler for the the safety solution of mobile codes is a new approache in the literature,featured with that a large percentage of the load for checking the safty policy can be transfered from a code consumer to a code producer so that the much run-time load at the code consumer can be reduced.Besides,it is more trustworthy and can support the verification of anonymous codes because the code itself instead of the authority of a code producer is verified.An analysis for such a reasearch is presented in the paper.It can be seen that supporting a higher level safety policy would be one of the potential focused directions in this area to get more widely applications.Our preliminary work on this direction is introduced briefly between the lines,in order to share it with other researchers.

Jianlin Xu,Yifan Yu,Zhen Chen,Bin Cao,Wenyu Dong,Yu Guo,Junwei Cao

DOI: https://doi.org/10.1109/tst.2013.6574680

2013-01-01

Tsinghua Science & Technology

Abstract:With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.

Jia Jie,Zhang Zhaoyang,Chen Jian,Zhao Linliang,Wang Xingwei

DOI: https://doi.org/10.1109/PCSPA.2010.83

2010-01-01

Abstract:Security plays an important role in the ability to deploy and retrieve trustworthy data for a wireless sensor network. Secure coverage is an effective defense against attacks which take advantage of a lack of deployment information. In this work, on the basis of improved genetic algorithm, a novel algorithm is proposed to guarantee the effect of secure surveillance. Comparison and simulation results show that the proposed solution outperforms the virtual force algorithm in terms of coverage rate and secure connectivity.

Jun Zhu,Jing Xie,Heather Richter Lipford,Bill Chu

DOI: https://doi.org/10.1016/j.jare.2013.11.006

IF: 12.822

2014-01-01

Journal of Advanced Research

Abstract:Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Jinran Du,Huajun Chen,Weijie Zhong,Zhen Liu,Aidong Xu

DOI: https://doi.org/10.1109/icsai.2018.8599356

2018-01-01

Abstract:With the rapid spread of wireless networks and 4G networks, the application of mobile intelligent terminals has become more and more widespread. At the same time, there are more and more malicious software for mobile terminals, especially for the Android platform. Aiming at the detection problem of Android malicious code, a dynamic and static combined Android malicious code detection model based on SVM was proposed. Firstly, the dynamic and static features of Android program are extracted. Then, these features were vectored, used for the training and testing of SVM (Support vector machine). As shown in the experiments, the correct detection rate of Android malware is as high as 94.38%, recall rate achieving 98.46%, proved the effectiveness of the method.

Aneta Zwierko,Zbigniew Kotulski

DOI: https://doi.org/10.48550/arXiv.cs/0506103

2005-06-29

Cryptography and Security

Abstract:The recent developments in the mobile technology (mobile phones, middleware) created a need for new methods of protecting the code transmitted through the network. The proposed mechanisms not only secure the compiled program, but also the data, that can be gathered during its "journey". The oldest and the simplest methods are more concentrated on integrity of the code itself and on the detection of unauthorized manipulation. Other, more advanced proposals protect not only the code but also the execution state and the collected data. The paper is divided into two parts. The first one is mostly devoted to different methods of securing the code and protecting its integrity; starting from watermarking and fingerprinting, up to methods designed specially for mobile agent systems: encrypted function, cryptographic traces, time limited black-box security, chained-MAC protocol, publicly-verifiable chained digital signatures The second part presents new concept for providing mobile agents with integrity protection, based on a zero-knowledge proof system.

Donies Samet,Farah Barika Ktata,Khaled Ghedira

DOI: https://doi.org/10.1007/s10515-023-00408-7

IF: 1.677

2024-01-11

Automated Software Engineering

Abstract:Security is a very important challenge in mobile agent systems due to the strong dependence of agents on the platform and vice versa. According to recent studies, most current mobile agent platforms suffer from significant limitations in terms of security when they face Denial of Service (DOS) attacks. Current security solutions even provided by the mobile agent platforms or by the literature focus essentially on individual attacks and are mainly based on static models that present a lack of the permissions definition and are not detailed enough to face collaborative DOS attacks executed by multiple agents or users. This paper presents a security framework that adds security defenses to mobile agent platforms. The proposed security framework implements a standard security model described using MA-UML (Mobile Agent-Unified Modeling Language) notations. The framework lets the administrator (of agents' place) define a precise and fine-grained authorization policy to defend against DOS attacks. The authorization enforcement in the proposed framework is dynamic : the authorization decisions executed by the proposed framework are based upon run-time parameters like the amount of activity of an agent. We implement an experiment on a mobile agent system of e-marketplaces. Given that we focus essentially on the availability criterion, the performance of the proposed framework on a place is evaluated against DOS and DDOS attacks and investigated in terms of duration of execution that is the availability of the place.

computer science, software engineering

ZHANG Yang,CAO Ying-Chun,XIE Li

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.03.004

2005-01-01

Computer Science

Abstract:Mobile agent is a new kind of network computing paradigm in the field of distributed computing. Because of its distinguished advantages, such as asynchrony,autonomy,mobility,mobile agent is likely to become the dominant approach in network applications. However,with the popu1arity of mobile agent technology,more and more challenges come from those possible security threats in mobile agent systems. Starting from a detailed analysis of these security threats on mobile agent systems,we describe and compare the primary countermeasures for mobile agent security. Some representative mobile agent systems are introduced and their security mechanisms are evaluated.

Zhifei Chen,Lin Chen,Baowen Xu

DOI: https://doi.org/10.1109/WISA.2014.26

2014-01-01

Abstract:Python is widely used to create and manage complex, database-driven websites. However, due to dynamic features such as dynamic typing of variables, Python programs pose a serious security risk to web applications. Most security vulnerabilities result from the fact that unsafe data input reaches security-sensitive operations. To address this problem, information flow analysis for Python programs is proposed to enforce this property. Information flow can capture the fact that a particular value affects another value in the program. In this paper, we present a novel approach for analyzing information flow in Python byte code which is a low-level language and is more widely broadcast. Our approach performs a hybrid of static and dynamic control/data flow analysis. Static analysis is used to study implicit flow, while dynamic analysis efficiently tracks execution information and determines definition-use pair. To the best of our knowledge, it is the first one for Python byte code.

Xiaoyu Sun

DOI: https://doi.org/10.48550/arXiv.2302.07467

2023-02-15

Abstract:Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking, etc. Even though the Android OS offers powerful communication and application execution capabilities, it is riddled with defects (e.g., security risks, and compatibility issues), new vulnerabilities come to light daily, and bugs cost the economy tens of billions of dollars annually. For example, malicious apps (e.g., back-doors, fraud apps, ransomware, spyware, etc.) are reported [Google, 2022] to exhibit malicious behaviours, including privacy stealing, unwanted programs installed, etc. To counteract these threats, many works have been proposed that rely on static analysis techniques to detect such issues. However, static techniques are not sufficient on their own to detect such defects precisely. This will likely yield false positive results as static analysis has to make some trade-offs when handling complicated cases (e.g., object-sensitive vs. object-insensitive). In addition, static analysis techniques will also likely suffer from soundness issues because some complicated features (e.g., reflection, obfuscation, and hardening) are difficult to be handled [Sun et al., 2021b, Samhi et al., 2022].

Cryptography and Security,Software Engineering

Chen Zhong

2005-01-01

Abstract:In this paper,a policy-based secure application framework for mobile devices is proposed.This framework uses XML to describe access control policy,integrates authentication,trusted channel and other security mechanisms to control the user’s secure access to the device’s resources and network services through devices.

Xiaokai Ma,Zhemin Yang

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.11.058

2017-01-01

Abstract:With the development of malware detection and analysis techniques,a large number of malwares use evasion techniques to fight against security analysis.Among these evasion techniques,code-hiding evasion techniques hide application code from static analysis,thus cause analysis results wrong or incomplete.The explosive growth of malware required automated detection of code-hiding evasion techniques.Through manual analysis of 142 malicious samples,this paper summarized an approach for detecting code-hiding evasion techniques and implemented a generic automated detection framework.We use the detection framework to do experiments on 2 278 samples in a third party applications market,and find that 34.9％ samples use code-hiding evasion techniques.

Junhua Ding,Jidong Ge

DOI: https://doi.org/10.1109/apscc.2012.43

2012-01-01

Abstract:Code mobility provides a flexible paradigm for building high performance mobile computing systems. Because code mobility can cause dynamic configuration of system structures in mobile computing systems, assuring design quality of the system is challenge. Formal specification and analysis provide a rigorous way to ensure system requirements are correctly designed. In this paper, we first introduce the formalism developed based on high level Petri nets and a communication channel mechanism for modeling mobile computing systems specifically code mobility. The formalism has the expressive capacity to naturally model mobile computing systems, and easily define mobility and mobile communication properties in the system. Then we model three representative styles of code mobility in mobile computing systems using the formalism. The formal models developed in this paper provide a solid foundation for formal analysis of code mobility. The formal analysis approach used for analyzing the code mobility models is illustrated via model checking the code mobility models using symbolic model checking tool NuSMV. Through successfully modeling and model checking the code mobility, the paper demonstrates that formal specification and modeling checking provide an effective and efficient way to ensure the design quality of mobile computing systems.

Sunjun Lee Sunjun Lee,Yonggu Shin Sunjun Lee,Minseong Choi Yonggu Shin,Haehyun Cho Minseong Choi,Jeong Hyun Yi Haehyun Cho

DOI: https://doi.org/10.53106/160792642024032502003

2024-03-01

網際網路技術學刊

Abstract:A lot of the recently reported malware is equipped with the anti-analysis techniques (e.g., anti-emulation, anti-debugging, etc.) for preventing from being the analyzed, which can delay detection and make malware alive for a longer period. Therefore, it is of the great importance of developing automated approaches to defeat such anti-analysis techniques so that we can handle and effectively mitigate numerous malware. In this paper, by analyzing 1,535 malicious applications, we found that 18.31% of them equipped with anti-analysis techniques. Next, we propose a novel, dynamic analyzer, named DOOLDA, for automatically invalidating anti-analysis techniques through dynamic instrumentation. DOOLDA monitors executions of Android applications’ entire code layers (i.e., bytecode and native code). Based on monitoring results, DOOLDA finds the code related to anti-analysis techniques and invalidates the anti-analysis techniques by instrumenting it. To demonstrate the effectiveness of DOOLDA, we show that it can invalidate all known anti-analysis techniques. Also, we compare DOOLDA with other dynamic analyzers.  

computer science, information systems,telecommunications

Zhang Xiaohan,Zhang Yuan,Chi Xinjian,Yang Min

DOI: https://doi.org/10.11999/jeit191036

2020-01-01

Abstract:Android system is now increasingly used in different kinds of smart devices, such as smart phones, smart watches, smart TVs and smart cars. Unfortunately, reverse attacks against Android applications are also emerging, which not only violates the intellectual right of application developers, but also brings security risks to end users. Existing Android application protection methods such as naming obfuscation, dynamic loading, and code hiding can protect Java code and native (C/C++) code, but are relatively simple and easy to be bypassed. A more promising method is to use instruction virtualization, but previous binary-based methods target specific architecture (x86), and cannot be applied to protect Android devices with different architectures. An architecture-independent instruction virtualization method is proposed, a prototype named Virtual Machine Packing Protection (VMPP) to protect Android native code is designed and implemented. VMPP includes a register-based fix-length instruction set, an interpreter to execute virtualized instructions, and a set of toolchains for developers to use to protect their code. VMPP is tested on a large number of C/C++ code and realworld Android applications. The results show that VMPP can effectively protect the security of Android native code for different architectures with low overhead.

Xuerui Pan,Yibing Zhongyang,Zhi Xin,Bing Mao,Hao Huang

DOI: https://doi.org/10.1109/trustcom.2014.36

2014-01-01

Abstract:Recently the market of Android has shown an explosive development. Unfortunately the increasing popularity turns the Android platform into the main target of malware. At the same time, the limited security protection built-in Android makes the situation much worse. In this paper, we present a new framework named Defensor which takes the practicability and effectiveness into consideration. The core part of Defensor is built in Linux kernel, which results in a small size of TCB. Defensor is a system-wide lightweight inspecting framework. It can closely monitor the malicious behaviors within and across applications, such as sending SMS to premium rate numbers, stealing privacy from the compromised device and getting root privileges through root exploits. This type of monitor is mandatory. Any application installed on the phone and any component including malicious native code can't bypass it. Defensor can not only rebuild the high level behaviors from system calls, but also extract the context information that the behavior runs in. Context-based information likes background and foreground contributes a lot to the accuracy of malware detection. We have tested Defensor on real malware to prove its effectiveness. Finally, an experimental evaluation showing that the overhead introduced by Defensor is limited.