- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Software Testing and Debugging Techniques
- Digital and Cyber Forensics
- Network Security and Intrusion Detection
- Cloud Data Security Solutions
- Distributed systems and fault tolerance
- Software Reliability and Analysis Research
- Radiation Effects in Electronics
- Privacy-Preserving Technologies in Data
- Internet Traffic Analysis and Secure E-voting
- Advanced Graph Neural Networks
- User Authentication and Security Systems
- Software System Performance and Reliability
- Software Engineering Research
- Diamond and Carbon-based Materials Research
- Geological Studies and Exploration
- Data-Driven Disease Surveillance
- Spam and Phishing Detection
- Algorithms and Data Compression
- Cryptography and Data Security
- Statistical Methods and Inference
- Parallel Computing and Optimization Techniques
- Web Application Security Vulnerabilities
- Advanced Memory and Neural Computing
- Film Independent (2023)
- Baidu (China) (2019-2022)
- Chinese University of Hong Kong (2013-2019)
- National University of Singapore (2016)
- University of Hong Kong (1998)
Smartphones and mobile devices are rapidly becoming indispensable for many users. Unfortunately, they also become fertile grounds for hackers to deploy malware. There is an urgent need to have a "security analytic & forensic system" which can facilitate analysts to examine, dissect, associate and correlate a large number of applications. An effective system needs to address the following questions: How to automatically collect and manage a high volume of malware? How to analyze a zero-day suspicious application, compare or it with...
Mobile operating systems like Android have failed to provide sufficient protection for personal data, and privacy leakage has become a major concern. To understand the security risks of leakage, analysts have to carry out data-flow analysis. In 2014, Android was upgraded with a fundamentally new design known as the Android RunTime (ART) environment in Android 5.0. ART adopts an ahead-of-time compilation strategy that replaces the previous virtual-machine-based Dalvik. Unfortunately, many analysis tools such as TaintDroid were designed for the legacy Dalvik environment....
Android, the most popular mobile OS, has around 78% of the market share. Due to its popularity, it attracts many malware attacks. In fact, people have discovered 1 million new samples per quarter, and it was reported that over 98% of these are in fact "derivatives" (or variants) of existing families. In this paper, we first show that the runtime behaviors of malware's core functionalities are similar within a family. Hence, we propose a framework that combines "runtime behavior" with "static structures" to detect variants. We...
Smartphones and mobile devices are rapidly becoming indispensable for many users. Unfortunately, they also become fertile grounds for hackers to deploy malware and spread viruses. There is an urgent need to have a "security analytic & forensic system" which can facilitate analysts to examine, dissect, associate and correlate a large number of applications. An effective system needs to address the following questions: How to automatically collect and manage a high volume of malware? How to analyze a zero-day suspicious application,...
Android, being an open source smartphone operating system, enjoys a large community of developers who create new mobile services and applications. However, it also attracts malware writers to exploit Android devices in order to distribute malicious apps in the wild. In fact, malware are becoming more sophisticated: they use advanced "dynamic loading" techniques like Java reflection or native code execution to bypass security detection. To detect dynamic loading, one has to perform dynamic analysis. Currently, there are only a handful...
Intel Software Guard eXtension (SGX), a hardware-supported trusted execution environment (TEE), is designed to protect security-critical applications. However, it does not terminate traditional memory corruption vulnerabilities for the software running inside the enclave, since the enclave is still developed with type-unsafe languages such as C/C++. This paper presents RUST-SGX, an efficient and layered approach to exterminating memory corruption vulnerabilities in SGX enclaves. The key idea is to enable the development of enclave programs in a memory-safe system...
Repackaged malware and phishing malware account for 86% [35] of all Android malware, and they significantly affect the Android ecosystem. Previous work used disassembled Dalvik bytecode hashing approaches to detect repackaged apps, but these approaches are vulnerable to obfuscation attacks and demand large computational resources on mobile devices. In this work, we propose a novel methodology which uses the layout within an app to detect apps that are "visually similar", a common characteristic in malware. To detect visually similar apps, we design and implement DroidEagle...
Safe system programming is often a crucial requirement due to its critical role in software engineering. Conventional low-level languages such as C and assembly are efficient, but their inherently unsafe nature makes them undesirable for security-critical scenarios. Recently, Rust has become a promising alternative for safe system-level programming. While giving programmers fine-grained hardware control, its strong type system enforces many security properties including memory safety. However, Rust's guarantee...
Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects have started using the language. However, can Rust achieve its promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing common vulnerability exposures (CVEs) of Rust-related issues up to 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our...
Android has a dominating share in the mobile market and there is a significant rise of malware targeting Android devices. Android malware accounted for 97% of all threats in 2013 [26]. To protect smartphones and prevent privacy leakage, companies have implemented various host-based intrusion prevention systems (HIPS) on their devices. In this paper, we first analyze the implementations, strengths and weaknesses of three popular HIPS architectures. We demonstrate a severe loophole and weakness of an existing product which hackers can readily exploit. Then...
Android mobile devices are enjoying a lion's share of the smartphone and mobile device market. This also attracts malware writers to target the platform. Recently, we have discovered a new distribution channel: releasing malicious firmwares with pre-installed malware in the wild. This poses a significant risk since users of such devices cannot change the content of the firmwares. Furthermore, these pre-installed applications have "more permissions" (i.e., silent installation) than other legitimate apps, so they can download malware or access users' confidential information. To...
In the past decade, the Trusted Execution Environment (TEE) provided by ARM TrustZone has become one of the primary techniques for enhancing the security of mobile devices. The isolation it enforces can protect trusted applications (TAs) running in the TEE against malicious software in the untrusted rich execution environment (REE). However, it cannot completely prevent vulnerabilities residing in the TEE itself, which can then be used to attack other TAs or even the OS. Previously, a number of memory corruption vulnerabilities have been reported on different TAs, which are...
Ensuring the proper use of sensitive data in analytics under complex privacy policies is an increasingly critical challenge. Many existing approaches lack portability, verifiability, and scalability across diverse data processing frameworks. We introduce Picachv, a novel security monitor that automatically enforces data use policies. It works on relational algebra as an abstraction for program semantics, enabling policy enforcement on the query plans generated by programs during execution. This approach simplifies...
The big data industry is facing new challenges as concerns about privacy leakage soar. One of the remedies to breach incidents is to encapsulate computations over sensitive data within hardware-assisted Trusted Execution Environments (TEE). Such TEE-powered software is called a secure enclave. Secure enclaves hold various advantages against competing privacy-preserving computation solutions. However, they are much more challenging to build compared with ordinary software. The reason is that development for a TEE must...
With diverse functionalities and advanced platform applications, Internet of Things (IoT) devices extensively interact with each other, and these interactions govern the legitimate device state transitions. At the same time, attackers can easily manipulate IoT devices, and it is difficult to detect such covert control. In this work, we propose the interaction graph, which profiles normal behavior. We also formalize two types of anomalies, and present an anomaly detection system, CausalIoT. It automatically constructs...
Device drivers on Linux-powered embedded or IoT systems execute in kernel space and thus must be fully trusted. Any fault may significantly impact the whole system. However, third-party hardware manufacturers usually ship their proprietary device drivers with their devices. These out-of-tree drivers are generally of poor quality because of a lack of code audit. In this paper, we propose a new approach that helps developers to improve the reliability and safety of device drivers without modifying the kernel: rewriting them in a memory-safe programming language...
Internet of Things (IoT) services are gaining increasing popularity, and IoT devices are widely deployed in many smart homes. Among all the communication protocols, Zigbee is a dominant one used by billions of customers. However, its design has not been carefully evaluated and could be exploited by attackers. In this paper, we focus on Zigbee's network rejoin procedure, which aims to allow devices to automatically recover their status when they accidentally go offline. We develop an automated verification tool, Verejoin,...
Intel Software Guard eXtensions (SGX), a hardware-supported trusted execution environment (TEE), is designed to protect security-sensitive applications. However, since enclave applications are developed with memory-unsafe languages such as C/C++, traditional memory corruption vulnerabilities are not eliminated in SGX. Rust-SGX is the first toolkit providing enclave developers with a memory-safe language. Rust is considered a systems language and has become the right choice for concurrent applications such as web browsers. Many application domains such as Big Data, Machine Learning,...
Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects have started using the language. However, can Rust achieve its promise? This paper studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing CVEs (common vulnerability exposures) of Rust-related issues up to 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our...
Android, the most popular mobile OS, has around 78% of the market share. Due to its popularity, it attracts many malware attacks. In fact, people have discovered one million new samples per quarter, and it was reported that over 98% of these are in fact "derivatives" (or variants) of existing families. In this paper, we first show that the runtime behaviors of malware's core functionalities are similar within a family. Hence, we propose a framework that combines "runtime behavior" with "static structures" to detect variants. We...