Security versus energy tradeoffs in host-based mobile malware detection

MobiSys'11 - Compilation Proceedings of the 9th International Conference on Mobile Systems, Applications and Services and Co-located Workshops

Volumn , Issue , 2011, Pages 225-238

  Bickford, Jeffrey ^a   Lagar Cavilla, H Andrés ^b   Varshavsky, Alexander ^b   Ganapathy, Vinod ^a   Iftode, Liviu ^a  

^a RUTGERS UNIVERSITY   (United States)

^b AT AND T LABS RESEARCH   (United States)

Author keywords

energy; mobile malware; rootkits; security

Indexed keywords

BATTERY POWER; DATA-DRIVEN; ENERGY; ENERGY TRADEOFF; HOST-BASED; MALWARES; MOBILE HANDHELD DEVICES; MOBILE MALWARE; PROTECTION MECHANISMS; RAPID GROWTH; ROOTKITS; SCANNING FREQUENCY; SECURITY; SWEET SPOT;

DETECTORS; MOBILE DEVICES; PORTABLE EQUIPMENT;

COMPUTER CRIME;

EID: 79961083689     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1999995.2000017     Document Type: Conference Paper

References (47)

1. OKl4 microvisor. http://www.ok-labs.com/products/okl4-microvisor.
2. Viliv S5 Real Pocket PC. http://www.myviliv.com/v4/product/s5/s5.asp.
3. VMware Mobile Virtualization Platform. www.vmware.com/technology/mobile/.
4. Rootkits, Part 1 of 3: A Growing Threat. http://download.nai.com/ Products/mcafee-avert/whitepapers/akapoor-rootkits1.pdf, April 2006. MacAfee AVERT Labs Whitepaper.
5. 2010 threat predictions. http://www.mcafee.com/us/resources/reports/rp- threat-predictions-2010.pdf, December 2009. MacAfee AVERT Labs Whitepaper.
6. ABC News. Use Your Cell to Monitor Your Smart Home. http://abcnews.go. com/Technology/video/monitor-home-cell-phone-9887403.
7. ARM. Cortex-a9 processor. http://www.arm.com/products/processors/cortex- a/cortex-a9.php.
8. AT&T. AT&T, T-Mobile and Verizon Wireless Announce Joint Venture to Build National Mobile Commerce Network. http://www.att.com/gen/press-room? pid=18767&cdvn=news&newsarticleid=31369&mapcode=corporate|financial.
9. B. Chun and P. Maniatis. Augmented Smartphone Applications Through Clone Cloud Execution. In Proc. 12th Workshop on Hot Topic in Operating Systems, May 2009.
10. A. Baliga, V. Ganapathy, and L. Iftode. Automatic Inference and Enforcement of Kernel Data Structre Invariants. In Proc. Annual Computer Security Applications Conference, December 2008.
11. A. Baliga, V. Ganapathy, and L. Iftode. Detecting kernel-level rootkits using data structure invariants. IEEE Transactions on Dependable and Secure Computing, 8(4), July/August 2011.
12. A. Baliga, P. Kamat, and L. Iftode. Lurking in the Shadows: Identifying Systemic Threats to Kernel Data. In Proc. IEEE Symposium on Security and Privacy, May 2007.
13. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the Art of Virtualization. In In Proc. 19th ACM Symposium on Operating Systems Principles, 2003.
14. J. Bickford, R. OH´are, A. Baliga, V. Gannapathy, and L. Iftode. Rootkits on Smart Phones: Attacks, Implications and Opportunities. In Proc. Workshop on Mobile Computing Systems and Applications, February 2010.
15. A. Bose, X. Hu, K. G. Shin, and T. Park. Behavioral Detection of Malware on Mobile Handsets. In Proc. 6th Mobisys, 2007.
16. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-control-data Attacks Are Realistic Threats. In Proc. USENIX Security Symposium, August 2005.
17. M. Christodorescu. Behavior-based Malware Detection. PhD thesis, University of Wisconsin-Madison, August 2007.
18. E. Cuervo and A. Balasubramanian and D. Cho and A. Wolman and S. Saroiu and R. Chandra and P. Bahl. MAUI: Making Smartphones Last Longer with Code Offoad. In Proc. 8th Conference onMobile Systems, Applications and Service, June 2010.
19. W. Enck, M. Ongtang, and P. McDaniel. On Lightweight Mobile Phone Application Certification. In Proc. ACM conference on Computer and Communications Security (CCS), 2009.
20. M. Ernst, J. Perkins, P. Guo, S. McCamant, C. Pacheco, M. Tschantz, and C. Xiao. The Daikon System for Dynamic Detection of Likely Invariants. In Science of Computer Programming, 2006.
21. A. P. Fuchs, A. Chaudhuri, and J. S. Foster. SCanDroid: Automated Security Certification of Android Applications. Manuscript, Univ. of Maryland, http://www.cs.umd.edu/~avik/projects/scandroidascaa.
22. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proc. Network and Distributed Systems Security Symposium, 2003.
23. P. Gilbert, L. Cox, J. Jung, and D. Wetherall. Toward Trustworthy Mobile Sensing. In Proc. Workshop on Mobile Computing Systems and Applications, February 2010.
24. M. Grace, Z. Wang, D. Srinivasan, J. Li, X. Jiang, Z. Liang, and S. Liakh. Transparent Protection of Commodity OS Kernels Using Hardware Virtualization. In Proc. 6th Conference on Security and Privacy in Communication Networks, 2010.
25. O. S. Hofmann, A. M. Dunn, S. Kim, I. Roy, and E. Witchel. Ensuring operating system kernel integrity with osck. In Proc. 16th Conference on Architectural Support for Programming Languages and Operating Systems, March 2011.
26. J. Hwang, S. Suh, S. Heo, C. Park, J. Ryu, S. Park, and C. Kim. Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-Based Secure Mobile Phones. In Consumer Communications and Networking Conference, January 2008.
27. N. L. Petroni Jr., T. Fraser, J. Molina, and W. A. Arbaugh. Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor. In Proc. USENIX Security Symposium, 2004.
28. H. Kim, J. Smith, and K. G. Shin. Detecting Energy-greedy Anomalies and Mobile Malware Variants. In Proc. 6th Conference on Mobile Systems, Applications and Services, 2008.
29. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal Verification of an OS Kernel. In Proc. 22nd ACM Symposium on Operating Systems Principles, October 2009.
30. L. Litty, H. A. Lagar-Cavilla, and D. Lie. Hypervisor Support for Identifying Covertly Executing Binaries. In Proc. 17th USENIX Security Symposium, August 2008.
31. LWN.net. A New Adore Root Kit. lwn.net/Articles/75990/.
32. J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In Proc. European Conference on Computer Systems, April 2008.
33. L. McVoy and C. Staelin. lmbench: Portable tools for performance analysis. In Proc. USENIX Annual Technical Conference, 1996.
34. E. Monti. iPhone Rootkit? There's an App for That. http://sandiego. toorcon.org/index.php?option=com-content&task=view&id=48&Itemid=9, October 2010.
35. G. Neiger, A. Santoni, F. Leung, D. Rodgers, and R. Uhlig. Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. 10(3), August 2006.
36. J. Oberheide and F. Jahanian. When Mobile is Harder Than Fixed (and Vice Versa): Demystifying Security Challenges in Mobile Environments. In Proc. Workshop on Mobile Computing Systems and Applications, February 2010.
37. J. Oberheide, K. Veeraraghavan, E. Cooke, J. Flinn, and F. Jahanian. Virtualized In-Cloud Security Services for Mobile Devices. In Proc. Workshop on Virtualization in Mobile Computing, June 2008.
38. N. Percoco and C. Papathanasiou. This Is Not the Droid You're Looking For... http://www.defcon.org/images/defcon-18/dc-18-presentations/Trustwave- Spiderlabs/DEFCON-18-Trustwave-Spiderlabs-Android-Rootkit-WP.pdf, July 2010.
39. N. Petroni and M. Hicks. Automated Detection of Persistent Kernel Control-Flow Attacks. In Proc. ACM Conference on Computer and Communications Security, pages 103-115, October 2007.
40. N. L. Petroni, T. Fraser, A. Walters, and W. A. Arbaugh. An Architecture for Specification-based Detection of Semantic Integrity Violations of Kernel Dynamic Data. In Proc. USENIX Security Symposium, August 2006.
41. G. Portokalidisi, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: Versatile Protection For Smartphones. In Proc. 26th Annual Computer Security Applications Conference, 2010.
42. R. Riley, X. Jiang, and D. Xu. Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing. In Proc. 11th Symposium on Recent Advances in Intrusion Detection, September 2008.
43. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In Proc. 21st ACM Symposium on Operating Systems Principles, November 2007.
44. H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proc. ACM Conference on Computer and Communications Security, pages 552-561, October 2007.
45. P.C. van Oorschot, A. Somayaji, and G. Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. IEEE Transactions on Dependable and Secure Computting, 2:82-92, April 2005.
46. Z. Wang, X. Jiang, W. Cui, and P. Ning. Countering Kernel Rootkits with Lightweight Hook Protection. In Proceedings of the ACM Conference on Computer and Communications Security, November 2009.
47. X. Zhang, L. van Doorn, T. Jaeger, R. Perez, and R. Sailer. Secure Coprocessor-based Intrusion Detection. In Proc. 10th workshop on ACM SIGOPS European workshop: beyond the PC, 2002.