Open Access Proceedings Article
Ninja: Towards Transparent Tracing and Debugging on ARM
Zhenyu Ning,Fengwei Zhang +1 more
- pp. 33-49
TL;DR
NINJA is proposed, a transparent malware analysis framework on ARM platform with low artifacts that leverages a hardware-assisted isolated execution environment TrustZone to transparently trace and debug a target application with the help of Performance Monitor Unit and Embedded Trace Macrocell.
Abstract:
Existing malware analysis platforms leave detectable fingerprints like uncommon string properties in QEMU, signatures in Android Java virtual machine, and artifacts in Linux kernel profiles. Since these fingerprints provide the malware a chance to split its behavior depending on whether the analysis system is present or not, existing analysis systems are not sufficient to analyze the sophisticated malware. In this paper, we propose NINJA, a transparent malware analysis framework on ARM platform with low artifacts. NINJA leverages a hardware-assisted isolated execution environment TrustZone to transparently trace and debug a target application with the help of Performance Monitor Unit and Embedded Trace Macrocell. NINJA does not modify system software and is OS-agnostic on ARM platform. We implement a prototype of NINJA (i.e., tracing and debugging subsystems), and the experiment results show that NINJA is efficient and transparent for malware analysis.
Citations
Proceedings Article
Orpheus: Enforcing Cyber-Physical Execution Semantics to Defend Against Data-Oriented Attacks
Long Cheng,Ke Tian,Danfeng Yao +2 more
TL;DR: This work proposes Orpheus, a security methodology for defending against data-oriented attacks by enforcing cyber-physical execution semantics of a control program, and presents a new program behavior model, i.e., the event-aware finite-state automaton (eFSA), which takes advantage of the event-driven nature of control programs and incorporates event checking in anomaly detection.
Proceedings Article
Understanding the Security of ARM Debugging Features
Zhenyu Ning,Fengwei Zhang +1 more
TL;DR: This paper performs a comprehensive security analysis of the ARM debugging features, and summarizes the security and vulnerability implications, and craft Nailgun attack, which obtains sensitive information and achieves arbitrary payload execution in a high-privileged mode from a low-privilege mode via misusing the debugging features.
Proceedings Article
Droid-AntiRM: Taming Control Flow Anti-analysis to Support Automated Dynamic Analysis of Android Malware
TL;DR: Droid-AntiRM is designed and implemented, a new approach seeking to tame anti-analysis automatically and improve automated dynamic analysis, and has good efficiency to perform large-scale analysis.
Proceedings Article
Preliminary Study of Trusted Execution Environments on Heterogeneous Edge Platforms
TL;DR: The experiments show that the performance overhead introduced by the TEEs is low, which indicates that integrating these TEEs into the edge nodes can efficiently mitigate security loopholes with a low performance overhead.
DROIDSCRIBE: Classifying android malware based on runtime behavior
Santanu Kumar Dash,Guillermo Suarez Tangil,Salah J. Khan,Kim Tae Woong,Mansoor Ahmad,Johannes Kinder,Lorenzo Cavallaro +6 more
TL;DR: In this article, the authors use machine learning to automatically classify Android malware samples into families with high accuracy, while observing only their runtime behavior, focusing exclusively on dynamic analysis of runtime behavior to provide a clean point of comparison.
References
Journal Article
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Proceedings Article
Valgrind: a framework for heavyweight dynamic binary instrumentation
TL;DR: Valgrind is described, a DBI framework designed for building heavyweight DBA tools that can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
Proceedings Article
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
Proceedings Article
Crowdroid: behavior-based malware detection system for Android
TL;DR: The method is shown to be an effective means of isolating the malware and alerting the users of a downloaded malware, showing the potential for avoiding the spreading of a detected malware to a larger community.
Book Chapter
BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song,David Brumley,Heng Yin,Juan Caballero,Ivan Jager,Min Gyung Kang,Zhenkai Liang,James Newsome,Pongsin Poosankam,Prateek Saxena +9 more
TL;DR: An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
Related Papers (5)
DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis
Lok Kwong Yan,Heng Yin +1 more