Specification-based Monitoring of Third-party Software on Mobile Devices

Andy Brown :: Friday 10th October 2008

Abstract. Mobile devices have recently become substitutes for traditional PCs, allowing users to download and execute third-party applications from vendors they do not trust. Whilst mechanisms exist to mediate this relationship in a mobile context, they cannot guarantee the quality or security of the code a program will execute. Anti-virus software can partially achieve this, but is less feasible for systems with limited computing power and storage. Execution monitoring is a lightweight technique that can prevent software deviating from its intended behaviour. In this talk, we address the barriers to its adoption for malware defence by introducing: 1. A high-level policy language called ABML, in which judgements about program executions can be specified in an abstract fashion; 2. A more powerful class of execution monitor capable of manipulating data abstractions in order to determine an event's context more precisely; 3. An on-line compiler from an ABML policy into an execution monitor. We use the BlackBerry platform to demonstrate these developments. We show how our framework can defend the device against unseen exploits more effectively than its existing security measures can, and without encountering the common overheads of anti-virus.

Materials: slides (.pdf)