Designing system-level defenses against cellphone malware

Proceedings of the IEEE Symposium on Reliable Distributed Systems

Volumn , Issue , 2009, Pages 83-90

  Xie, Liang ^a   Zhang, Xinwen ^b   Chaugule, Ashwin ^a   Jaeger, Trent ^a   Zhu, Sencun ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b SAMSUNG INFORMATION SYSTEMS AMERICA   (United States)

Author keywords

Cellphone malware; Graphic turing test; Mandatory access control

Indexed keywords

BATTERY POWER; CELL PHONE; DESIGNING SYSTEMS; FALSE POSITIVE; GRAPHIC TURING TESTS; MALICIOUS CODES; MALICIOUS TRAFFIC; MALWARES; MANDATORY ACCESS CONTROL; NEW PROCESS; PROGRAM FLOW; SECURITY DOMAINS; SECURITY THREATS; SMARTPHONES; SYMBIAN; SYSTEM LEVELS;

ARTIFICIAL INTELLIGENCE; COMPUTER CRIME; COMPUTER OPERATING SYSTEMS; NETWORK SECURITY; SECURITY SYSTEMS; TELEPHONE; TELEPHONE SETS;

ACCESS CONTROL;

EID: 74949101283     PISSN: 10609857     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SRDS.2009.21     Document Type: Conference Paper

References (40)

1. "http://www.us-cert.gov/pressroom/trendsandanalysisq108.pdf, ".
2. M. Hypponen, "State of cell phone malware in 2007, http://www.usenix.org/events/sec07/tech/hypponen.pdf, ".
3. E. Chien, "Security response: Symbos.skull, symantec, 2004, ".
4. P. Ferrie, P. Szor, R. Stanev, and R. Mouritzen, "Security response: Symbos.cabir," Symantec Corporation, 2004.
5. E. Chien, "Security response: Symbos.mabir, symantec, 2005, ".
6. "http://www.idc.com/getdoc.jsp?containerid=206072, ".
7. "http://www.f-secure.com/v-descs/flexispya.shtml, ".
8. A. Bose and K. Shin, "Proactive security for mobile messaging networks," in Proc. of WiSe, 2006.
9. J. Chen, S. Wongand, H. Yang, and S. Lu, "Smartsiren: Virus detection and alert for smartphones," in MobiSys, 2007.
10. C. Mulliner, G. Vigna, D. Dagon, and W. Lee, "Using labeling to prevent cross-service attacks against smartphones," in DIMVA, 2006.
11. C. Mulliner and G. Vigna, "Vulnerability analysis of mms user agents," in Proc. of ACM ACSAC, 2006.
12. "http://en.wikipedia.org/wiki/stack-buffer-overflow, ".
13. R. Sailer, X. Zhao, T. Jaeger, and L. Doom, "Design and implementation of a tcg-based integrity measurement architecture," in Proc. of Usenix Security Symposium, 2004.
14. T. Jaeger, R. Sailer, and U. Shankar, "Prima: Policy-reduced integrity measurement architecture," in Proc. of SACMAT, 2006.
15. "http://www.virtuallogix.com/, ".
16. P. Loscocco and S. Smalley, "Integrating flexible support for security policies into the linux operating system," in Proceedings of USENIX Annual Technical Conference, 2001.
17. W. E. Boebert and R. Y. Kain, "A practical alternative to hierarchical integrity policies," in Proceedings of the Eighth National Computer Security Conference, 1985.
18. W. Enck, P. Traynor, P. McDaniel, and T. La Porta, "Exploiting open functionality in sms-capable celluar networks," in ACM CCS, 2005.
19. "http://www.3gpp.org/ftp/specs/archive, ".
20. "http://www.cse.psu.edu/~lxie/techrep/, ".
21. "http://trolltech.com/products/qtopia, ".
22. "http://trolltech.com/products/qtopia/qtopiainuse/qtopiadevices, ".
23. "http://www.pcmag.com/article2/0, 4149, 1306805, 00.asp, ".
24. W. Morein, A. Stavrou, D. Cook, A. Keromytis, V. Misra, and D. Rubenstein, "Using graphic turing tests to counter automated ddos attack against web servers," in ACM CCS, 2003.
25. L. Ahn, M. Blum, N. Hopper, and J. Langford, "CAPTCHA: Using Hard AI Problems for Security," in EUROCRYPT, 2003.
26. "http://www.captcha.net/captchas/gimpy, ".
27. "http://www.cs.sfu.ca/~mori/research/gimpy, ".
28. "http://www.elinux.org/osk, ".
29. "http://www.cse.psu.edu/~lxie/snapshots/, ".
30. M. Lactaotao, "Security information: Virus encyclopedia: Symbos comwar.a: Technical details," Trend Micro Inc., 2005.
31. E. Chien, "Security response: Symbos.lasco.a, symantec, 2005, ".
32. "http://sourceforge.net/projects/lmbench/, ".
33. A. Bose and et al., "Behavioral detection of malware on mobile handsets," in MobiSys, 2008.
34. Deepak Venugopal, Guoning Hu, and Nicoleta Roman, "Intelligent virus detection on mobile devices," in PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust, 2006, pp. 1-4.
35. H. Kim, J. Smith, and K. G. Shin, "Detecting energy-greedy anomalies and mobile malware variants," in Proc. of The International Conference on Mobile Systems, Applications, and Services, 2008.
36. L. Xie, H. Song, T. Jaeger, and S. Zhu, "Towards a systematic approach for cell-phone worm containment," in in Proc. of WWW (poster paper), 2008.
37. R. Racic, D. Ma, and H. Chen, "Exploiting mms vulnerabilities to stealthily exhause mobile phone's battery," in IEEE SecureComm, 2006.
38. Z. Zhu, G. Cao, S. Zhu, S. Ranjan, and A. Nucci., "A social network based patching scheme for worm containment in cellular networks," in Proceedings of IEEE Infocom, 2009.
39. L. Xie, H. Song, and S. Zhu, "On the effectiveness of internal patch dissemination against file-sharing worms," in Proc. of ACNS, 2008.
40. L. Xie and S. Zhu, "Message dropping attacks in overlay networks: Attack dectection and attacker identification," in Proc. of SecureComm, 2006.