An official website of the United States government
Combating the OS-level malware is a very challenging problem as this type of malware can compromise the operating system, obtaining the kernel privilege and subverting almost all the existing anti-malware tools. This work aims to address this problem in the context of mobile devices. As real-world malware is very heterogeneous, we narrow down the scope of our work by especially focusing on a special type of OS-level malware that always corrupts user data. We have designed mobiDOM, the first framework that can combat the OS-level data corruption malware for mobile computing devices. Our mobiDOM contains two components, a malware detector and a data repairer. The malware detector can securely and timely detect the presence of OS-level malware by fully utilizing the existing hardware features of a mobile device, namely, flash memory and Arm TrustZone. Specifically, we integrate the malware detection into the flash translation layer (FTL), a firmware layer embedded into the flash storage hardware, which is inaccessible to the OS; in addition, we run a trusted application in the Arm TrustZone secure world, which acts as a user-level manager of the malware detector. The FTL-based malware detection and the TrustZone-based manager can communicate with each other stealthily via steganography. The data repairer can allow restoring the external storage to a healthy historical state by taking advantage of the out-of-place-update feature of flash memory and our malware-aware garbage collection in the FTL. Security analysis and experimental evaluation on a real-world testbed confirm the effectiveness of mobiDOM.
more »
« less
Combating the OS-Level Malware in Mobile Devices by Leveraging Isolation and Steganography
Detecting the OS-level malware (e.g., rootkit) is an especially challenging problem, as this type of malware can compromise the OS, and can then easily hide their intrusion behaviors or directly subvert the traditional malware detectors running in either the user or the kernel space. In this work, we propose mobiDOM to solve this problem for mobile computing devices. The key idea of mobiDOM is to securely detect the OS-level malware by fully utilizing the existing secure features of a mobile device in the hardware. Specifically, we integrate a malware detector in the flash translation layer (FTL), a firmware layer embedded into the external flash storage which is inaccessible to the OS; in addition, we build a trusted application in the Arm TrustZone secure world, which acts as a user-level controller of the malware detector. The FTL-based malware detector and the TrustZone-based controller communicate with each other stealthily via steganography. Security analysis and experimental evaluation confirm that mobiDOM can securely and effectively detect the OS-level malware.
more »
« less
- Award ID(s):
- 1938130
- PAR ID:
- 10281615
- Date Published:
- Journal Name:
- Applied Cryptography and Network Security Workshops
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
With increasing development of connected and autonomous vehicles, the risk of cyber threats on them is also increasing. Compared to traditional computer systems, a CAV attack is more critical, as it does not only threaten confidential data or system access, but may endanger the lives of drivers and passengers. To control a vehicle, the attacker may inject malicious control messages into the vehicle’s controller area network. To make this attack persistent, the most reliable method is to inject malicious code into an electronic control unit’s firmware. This allows the attacker to inject CAN messages and exhibit significant control over the vehicle, posing a safety threat to anyone in proximity. In this work, we have designed a defensive framework which allows restoring compromised ECU firmware in real time. Our framework combines existing intrusion detection methods with a firmware recovery mechanism using trusted hardware components equipped in ECUs. Especially, the firmware restoration utilizes the existing FTL in the flash storage device. This process is highly efficient by minimizing the necessary restored information. Further, the recovery is managed via a trusted application running in TrustZone secure world. Both the FTL and TrustZone are secure when the ECU firmware is compromised. Steganography is used to hide communications during recovery. We have implemented and evaluated our prototype implementation in a testbed simulating the real-world in-vehicle scenario.more » « less
-
In today's digital landscape, the ubiquity of mobile devices underscores the urgent need for stringent security protocols in both data transmission and storage. Plausibly deniable encryption (PDE) stands out as a pivotal solution, particularly in jurisdictions marked by rigorous regulations or increased vulnerabilities of personal data. However, the existing PDE systems for mobile platforms have evident limitations. These include vulnerabilities to multi-snapshot attacks over RAM and flash memory, an undue dependence on non-secure operating systems, traceable PDE entry point, and a conspicuous PDE application prone to reverse engineering. To address these limitations, we have introduced FSPDE, the first Full-Stack mobile PDE system design which can mitigate PDE compromises present at both the execution and the storage layers of mobile stack as well as the cross-layer communication. Utilizing the resilient security features of ARM TrustZone and collaborating multiple storage sub-layers (block device, flash translation layer, etc.), FSPDE offers a suite of improvements. At the heart of our design, the MUTE and MIST protocols serve both as fortifications against emerging threats and as tools to mask sensitive data, including the PDE access point. A real-world prototype of FSPDE was developed using OP-TEE, a leading open-source Trusted Execution Environment, in tandem with an open-sourced NAND flash controller. Security analysis and experimental evaluations justify both the security and the practicality of our design. To address these limitations, we have introduced FSPDE, the first Full-Stack mobile PDE system design which can mitigate PDE compromises present at both the execution and the storage layers of mobile stack as well as the cross-layer communication. Utilizing the resilient security features of ARM TrustZone and collaborating multiple storage sub-layers (block device, flash translation layer, etc.), FSPDE offers a suite of improvements. At the heart of our design, the MUTE and MIST protocols serve both as fortifications against emerging threats and as tools to mask sensitive data, including the PDE access point. A real-world prototype of FSPDE was developed using OP-TEE, a leading open-source Trusted Execution Environment, in tandem with an open-sourced NAND flash controller. Security analysis and experimental evaluations justify both the security and the practicality of our design.more » « less
-
Use of mobile phones today has become pervasive throughout society. A common use of a phone involves calling another person using VoIP apps. However the OSes on mobile devices are prone to compromise creating a risk for users who want to have private conversations when calling someone. Mobile devices today provide a hardware-protected mode called trusted execution environment (TEE) to protect users from a compromised OS. In this paper we propose a design to allow a user to make a secure end-to-end protected VoIP call from a compromised mobile phone. We implemented our design, TruzCall using Android OS and TrustZone TEE running OP-TEE OS. We built a prototype using the TrustZone-enabled Hikey development board and tested our design using the open source VoIP app Linphone. Our testing utilizes a simulation based environment that allows a Hikey board to use a real phone for audio hardware.more » « less
-
Flash memory has been used extensively as external storage of smartphones, tablets, IoT devices, laptops, etc. Therefore, more and more sensitive or even mission critical data are stored in flash and, once the data turn obsolete, securely deleting them is necessary for both regulation compliance and privacy protection. Traditional secure deletion on flash memory mainly focuses on sanitizing data. However, unique nature of flash memory may cause various data ``remnants'' and, even though the data are removed, the remnants may be utilized by the adversary to recover the deleted data, compromising the secure deletion guarantee. Based on both theoretic analysis and experiments using real-world workloads, we have identified one common type of remnants in the flash memory, namely duplicates, which are caused by unique internal functions of flash storage media including garbage collection, wear leveling, bad block management. We propose RedFlash, a novel secure deletion scheme which can efficiently Remove both the data and the corresponding duplicates towards secure deletion on Flash memory. Security analysis and experimental evaluation show that RedFlash can ensure the secure deletion guarantee, at the cost of a small performance degradation, compared to a regular (non-secure) flash controller.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1007/978-3-030-81645-2_23
