EAGER: Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks

EAGER：为移动设备提供安全数据恢复以抵御恶意攻击

• 批准号: 1938130
• 负责人: Bo Chen
• 金额: $ 20万
• 依托单位: Michigan Technological University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1938130&HistoricalAwards=false
• 关键词: EAGER; Enabling; Secure; Data; Recovery

Mainstream mobile computing devices, such as, smart phones and tablets, currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, that can get restored if needed. Such a commonly used "off-device" backup mechanism, however, suffers from a fundamental limitation, namely, the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users. The project also provides opportunities for training for graduate students specially from underrepresented minority groups. A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data backup and recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage's special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

诸如智能电话和平板电脑的主流移动的计算设备当前依赖于远程备份来在故障时进行数据恢复。例如，iPhone定期将最近的快照存储到iCloud，如果需要，可以恢复。然而，这种常用的“设备外”备份机制存在一个根本性的局限性，即远程服务器中的备份并不总是与本地设备中存储的数据同步。因此，当移动终端遭受恶意软件攻击时，只能使用远程备份将其恢复到历史状态，而不能恢复到攻击发生之前的确切状态。数据对于组织和个人都是非常有价值的，因此在恶意软件攻击之后，将数据恢复到确切的点（即，在他们堕落之前，然而，这是一个具有挑战性的问题。该项目解决了移动的设备中的这个问题，其结果可能会使数十亿移动的用户受益。该项目还为研究生，特别是代表性不足的少数群体的研究生提供培训机会。该项目的主要目标是在恶意软件攻击后将移动的设备恢复到损坏点。正在考虑的恶意软件是操作系统级恶意软件，它可以损害操作系统并获得操作系统级权限。为了实现这一目标，该项目结合了传统的设备外数据备份和恢复以及新型的设备内数据恢复。1）设计了一种新型的恶意软件检测器，该检测器运行在闪存转换层（FTL），即介于操作系统和闪存硬件之间的固件层。基于FTL的恶意软件检测器可确保提交到远程服务器的数据不会被操作系统级恶意软件篡改。2)开发一种新的方法，确保操作系统级恶意软件不能破坏数据更改（即，delta），其尚未被提交到远程服务器。这是通过使用闪存的特殊硬件特征，即，异地更新和强物理隔离。3)开发一种用户友好的方法，使用户能够方便有效地检索隐藏在闪存中的增量，以便在恶意软件攻击后恢复数据。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction

• DOI: 10.1145/3548606.3563538
• 发表时间: 2022-11
• 期刊: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Niusen Chen;Josh Dafoe;Bo Chen

Combating the OS-Level Malware in Mobile Devices by Leveraging Isolation and Steganography

• DOI: 10.1007/978-3-030-81645-2_23
• 发表时间: 2021-06
• 作者: Niusen Chen;Wenxue Xie;Bo Chen

Defending against OS-Level Malware in Mobile Devices via Real-Time Malware Detection and Storage Restoration

• DOI: 10.3390/jcp2020017
• 发表时间: 2022
• 期刊: J. Cybersecur. Priv.
• 作者: Niusen Chen;Bo Chen