Stanford EE Computer Systems Colloquium

4:15PM, Wednesday, February 12, 2014
NEC Auditorium, Gates Computer Science Building Room B3

Trusted Detection of Malicious Activities on Mobile Phones

Yuval Elovici
Department of Information Systems Engineering
Ben-Gurion University
About the talk:

The unprecedented popularity of modern mobile phones has made them a lucrative target for skillful and motivated attackers. Advanced attackers manage to bypass both the security mechanisms that are part of the mobile phone operating system and the additional security tools that are installed on the device.

For example, members of BGU cyber security labs have recently demonstrated, on Android based devices, how traffic which is tunneled via VPN can be intercepted before it has been encrypted.

In this seminar, two ongoing research studies at BGU cyber security labs will be reviewed. The studies focus on trusted detection of malicious activities that may indicate the presence of a malicious code running in the mobile device.

The first study tries to detect malicious activities by power analysis. The power measurements are performed directly on the battery and not within the device that could be accessible to the attacker. In this study it is demonstrated that critical sensor activation, such as GPS, by a malicious code of the attacker can be detected and that it is possible to distinguish between malicious and benign user activation.

The second study focuses on detecting sophisticated malicious code such as rootkits that attackers manage to install on mobile phones. The detection mechanism consists of both hardware and software components. The hardware component is based on the JTAG interface, which is present in most modern mobile phones and ARM processors. JTAG, which is an industry standard for hardware debug, allows to halt the core of the analyzed device without triggering the operation system. It enables monitoring the system memory while the rootkit is not aware that it is being analyzed. The software component consists of a detection mechanism that extracts the Android kernel's memory areas for further analysis.

Preliminary evaluation results of both studies will be presented.


There is no downloadable version of the slides for this talk available at this time.

About the speaker:

[speaker-photo] Yuval Elovici is the director of the Telekom Innovation Laboratories at Ben-Gurion University, head of the Cyber Security Labs and a Professor at the Department of Information Systems Engineering of Ben-Gurion University. He holds B.Sc and M.Sc degrees in Computer and Electrical Engineering from the Ben-Gurion University, and Ph.D in Information Systems from Tel-Aviv University. He served as the head of the Software Engineering program at Ben-Gurion University for two and a half years. Prof. Elovici also professionally consults in the area of the cyber security. In the last eight years he has lead the cooperation between Ben-Gurion University and Deutsche Telekom. In addition, he has published more than 55 referred journal papers in leading journals, published over 100 papers in various referred conferences and co-authored a book on social network security and a book on information leakage detection and prevention. His main research interests are Computer and Network Security, Cyber Security, Web Intelligence, Information Warfare, Social Network Analysis and Machine Learning.

Contact information:

Yuval Elovici
Hmeyasdim 9
+972 54 6775544