TC: Medium: Self-Securing Services for Mobile Handsets

TC：中：手机的自我保护服务

• 批准号: 0905143
• 负责人: Kang Shin
• 金额: $ 30万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2010
• 资助国家: 美国
• 起止时间: 2010-03-01 至 2015-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905143&HistoricalAwards=false
• 关键词: TC; Medium; Self; Securing; Services

The main objective of the proposed research is to develop a self-securing framework for smart mobile handsets, called S3Mobile (Self Securing Services for Mobile handsets), that protects the handsets against known and unknown malware. The key research components of S3Mobile include: (1) collect malware samples for mobile handsets, (2) record the hardware and software usage logs of the samples that represent the corresponding run-time behavior, (3) develop an algorithm for extracting features from the logs, (4) analyze similarities, features, and exploit vectors, and (5) implement and evaluate S3Mobile on the Android platform. The general approach to the problem is to conduct some monitoring on the handset, but, recognizing the more limited computational and electrical resources available there, to use a remote server to conduct more computationally intensive activities and to maintain repositories of malware and normal application behavior. The server side facilities are referred to as a second line of defense. Four particular challenges are noted for the work: accurately specifying malware behavior, accurately detecting such behavior, testing the constructed system to evaluate its performance correctly, and the difficulty of obtaining malware samples. The proposal documents approaches to each of these challenges, including the use of a temporal logic based notation for describing malware behavior and a combination of honeypots and industrial collaboration to provide malware samples. If successful, the work could lead to a cellphone / smartphone infrastructure with much improved resilience to software-based attacks that aim to steal information or drain power from the phone.

拟议的研究的主要目标是开发一个自安全框架的智能移动的手机，称为S3移动的（自安全服务移动的手机），保护手机免受已知和未知的恶意软件。S3移动的的关键研究组件包括：（1）收集移动的手机的恶意软件样本，（2）记录代表相应运行时行为的样本的硬件和软件使用日志，（3）开发用于从日志中提取特征的算法，（4）分析相似性、特征和利用向量，以及（5）在Android平台上实现和评估S3移动的。解决这个问题的一般方法是在手机上进行一些监控，但是，认识到那里可用的计算和电子资源更加有限，使用远程服务器来进行计算密集型活动，并维护恶意软件和正常应用程序行为的存储库。 服务器端设施被称为第二道防线。四个特殊的挑战是指出的工作：准确地指定恶意软件的行为，准确地检测这种行为，测试构建的系统，以正确地评估其性能，并获得恶意软件样本的难度。该提案记录了应对这些挑战的方法，包括使用基于时间逻辑的符号来描述恶意软件行为，以及结合蜜罐和工业合作来提供恶意软件样本。 如果成功，这项工作可能会导致手机/智能手机基础设施对旨在窃取信息或消耗手机电量的基于软件的攻击的弹性大大提高。