Browsing by Author "Elish, Karim O."
Now showing 1 - 3 of 3
Results Per Page
Sort Options
- Device-Based Isolation for Securing Cryptographic KeysElish, Karim O.; Deng, Yipan; Yao, Danfeng (Daphne); Kafura, Dennis G. (Department of Computer Science, Virginia Polytechnic Institute & State University, 2012)In this work, we describe an eective device-based isolation approach for achieving data security. Device-based isolation leverages the proliferation of personal computing devices to provide strong run-time guarantees for the condentiality of secrets. To demonstrate our isolation approach, we show its use in protecting the secrecy of highly sensitive data that is crucial to security operations, such as cryptographic keys used for decrypting ciphertext or signing digital signatures. Private key is usually encrypted when not used, however, when being used, the plaintext key is loaded into the memory of the host for access. In our threat model, the host may be compromised by attackers, and thus the condentiality of the host memory cannot be preserved. We present a novel and practical solution and its prototype called DataGuard to protect the secrecy of the highly sensitive data through the storage isolation and secure tunneling enabled by a mobile handheld device. DataGuard can be deployed for the key protection of individuals or organizations.
- A Static Assurance Analysis of Android ApplicationsElish, Karim O.; Yao, Danfeng (Daphne); Ryder, Barbara G.; Jiang, Xuxian (Department of Computer Science, Virginia Polytechnic Institute & State University, 2013-07-11)We describe an efficient approach to identify malicious Android applications through specialized static program analysis. Our solution – referred to as user intention program dependence analysis – performs offline analysis to find the dependence relations between user triggers and entry points to methods providing critical system functions. Analyzing these types of dependences in programs can identify the privileged operations (e.g., file, network operations and sensitive data access) that are not intended by users. We apply our technique on 708 free popular apps and 482 malware apps for Android OS, and the experimental results show that our technique can differentiate between legitimate and malware applications with high accuracy. We also explain the limitations of the user-intention-based approach and point out the need for practitioners to adopt multiple analysis tools for evaluating the assurance of Android applications.
- User-Centric Dependence Analysis For Identifying Malicious Mobile AppsElish, Karim O.; Yao, Danfeng (Daphne); Ryder, Barbara G. (IEEE, 2012)This paper describes an efficient approach for identifying malicious Android mobile applications through specialized static program analysis. Our solution performs offline analysis and enforces the normal properties of legitimate dataflow patterns to identify programs that violate these properties. To demonstrate the feasibility of our user-centric dependence analysis, we implement a tool to generate a data dependence graph and perform preliminary evaluation to characterize both legitimate and malicious Android apps. Our preliminary results confirm our hypothesis on the differences in user-centric data dependence behaviors between legitimate and malicious apps.