SLIDE 1
Mobile Malware: Why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines
Guy Stewart, VP Engineering, Fatskunk Inc.
The Malware Problem
Trojans, Rootkits, the
SLIDE 2
SLIDE 3
Threats
SLIDE 4
Threats
SLIDE 5
Untrustworthy Supply Chains
SLIDE 6
Software Attestation
Introduction to Software Attestation using Principles of Physics
SLIDE 7
Approach: Measure by Displacement
SLIDE 8
The software Space / Time trade-off
SLIDE 9
Approach
1. Stop execution of all programs (malware may refuse)
[Diagram labels: monolith kernel; cache; malware; honest software, data, or passive malware]
SLIDE 10
Approach
1. Stop execution of all programs (malware may refuse)
2. Overwrite “free” memory with pseudo-random content (malware refuses again)
[Diagram labels: monolith kernel; cache; malware]
SLIDE 11
Approach
1. Stop execution of all programs (malware may refuse)
2. Overwrite “free” memory with pseudo-random content (malware refuses again)
3. Compute keyed digest of all memory (access order unknown a priori)
[Diagram labels: monolith kernel; cache; malware]
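The three steps above, sketched as a toy simulation. This is an added example, not code from the presentation or from Fatskunk. The block size, the SHAKE-256 filler, the HMAC-SHA256 digest and the HMAC-ranked access order are all assumptions chosen for illustration. Step 1 (halting other programs) and any measurement of response time are not modeled.

```python
import hashlib
import hmac

BLOCK, N_BLOCKS = 64, 256            # toy RAM: 256 blocks of 64 bytes
KERNEL = b"K" * 1024                 # constructed stand-in for the known kernel image
SEED, KEY = b"seed-01", b"key-01"    # constructed verifier-chosen values

def fill_stream(seed, length):
    """Step 2: pseudo-random filler for free memory, derived from the seed."""
    return hashlib.shake_256(b"fill" + seed).digest(length)

def keyed_digest(ram, key):
    """Step 3: HMAC over every block, visited in a key-dependent order."""
    def rank(i):
        return hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for i in sorted(range(N_BLOCKS), key=rank):
        mac.update(i.to_bytes(4, "big") + ram[i * BLOCK:(i + 1) * BLOCK])
    return mac.digest()

def device_run(kernel, seed, key, resident=b""):
    """Client side; `resident` models malware that refuses to be overwritten."""
    ram = bytearray(N_BLOCKS * BLOCK)
    ram[:len(kernel)] = kernel
    ram[len(kernel):] = fill_stream(seed, len(ram) - len(kernel))
    if resident:
        ram[-len(resident):] = resident   # malware bytes survive the overwrite
    return keyed_digest(ram, key)

def verify(reported, kernel, seed, key):
    """Verifier recomputes the digest from the clean image it expects."""
    expected = device_run(kernel, seed, key)
    return hmac.compare_digest(reported, expected)

if __name__ == "__main__":
    clean = device_run(KERNEL, SEED, KEY)
    infected = device_run(KERNEL, SEED, KEY, resident=b"\x90" * 128)
    print("clean device accepted:   ", verify(clean, KERNEL, SEED, KEY))
    print("infected device accepted:", verify(infected, KERNEL, SEED, KEY))
```

Because the key fixes both the digest and the block order, a digest computed under an earlier key cannot be replayed for a new challenge.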
SLIDE 12
Verify results
SLIDE 13
Commercial Applications
SLIDE 14
Secure Execution Environment (SXE)
SLIDE 15
OS Secure Boot
SLIDE 16
TrustZone Normal World
SLIDE 17
Interconnected Embedded Systems
[Diagram labels: Verifier; Client]
SLIDE 18