security versus energy tradeoffs in
play

Security versus Energy Tradeoffs in Host-Based Mobile Malware - PowerPoint PPT Presentation

Nov 12, 2022 •407 likes •709 views

Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrs Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University # AT&T Labs Research Smart Phone

  1. Security versus Energy Tradeoffs in Host-Based Mobile Malware Detection Jeffrey Bickford *, H. Andrés Lagar-Cavilla #, Alexander Varshavsky #, Vinod Ganapathy *, and Liviu Iftode * * Rutgers University # AT&T Labs – Research

  2. Smart Phone Apps Store personal and private information Contacts Location Email Banking

  3. The Rise of Mobile Malware 2004 2006 2011 Mobisys 6/30/2011 3

  4. Traditional Malware Detection Antivirus 2011 30469 of 121876 scanned Battery life decreases 2x faster! Remaining Time: 1 hour 2 minutes Cancel Scan • Periodically scan the attack target – System comprised of code and data • Personal files, executables, databases, network activity Mobisys 6/30/2011 4

  5. Mobile Detection Problem • Typical machines can execute malware detection systems 24/7 • Mobile devices are limited by their battery • Detection mechanisms in their current state lead to high energy cost • Executing malware detection systems only when charging is not sufficient Mobisys 6/30/2011 5

  6. Contributions Explore the tradeoffs between security monitoring and energy consumption on mobile devices 1. Framework to quantify the security vs. energy tradeoffs on a mobile device 2. Create energy optimized versions of two security tools 3. Introduce a balanced security profile Mobisys 6/30/2011 6

  7. How Do I Conserve Energy? • Frequency of Checks – When to check? What to Check Attack Surface – Scan less frequently – Timing vs events • Attack Surface – What to check? – Scan fewer code/data When to Check objects Frequency of Checks Mobisys 6/30/2011 7

  8. Security-Energy Tradeoff Various Attacks • Scan all continuously – Best possible security Attack Surface – High energy cost Is there a sweet spot? • Periodically Scan – Vulnerable between scans • Scan Subset – Vulnerable to attacks outside of subset Frequency of Checks Mobisys 6/30/2011 Mobisys 6/30/2011 8 8

  9. Rootkits Rootkits are sophisticated malware requiring complex detection algorithms User Anti App App Virus App Libraries Space Virus Rootkit Kernel System Process Kernel Drivers Call Space Lists Code Table Mobisys 6/30/2011 9

  10. Demonstrated Attack Conversation Snooping Attack Send SMS Rootkit Infected Attacker Delete SMS Dial me “666 - 6666” Call Attacker Turn on Mic Rootkit stealthily hides from the user [Bickford et al. HotMobile ‘10 ] Mobisys 6/30/2011 10

  11. Rootkit Detection OS must be monitored using a hypervisor • Detection tools run in Trusted User OS trusted domain Detector • Mobile hypervisors soon – VMWare – OKL4 Microvisor (Evoke) Hypervisor – Samsung Xen on ARM Host Machine Mobisys 6/30/2011 11

  12. Experimental Setup • Viliv S5 – Intel Atom – 3G, WiFi, GPS, Bluetooth • Xen Hypervisor – Evaluated the tradeoff using two existing rootkit detectors within trusted domain • Workloads – 3G and WiFi workload simulating user browsing – Lmbench for a CPU intensive workload Mobisys 6/30/2011 12

  13. Detecting Data-Driven Attacks • Gibraltar [Baliga et al. IEEE TDSC ‘ 11] typifies the usual form of rootkit defense for kernel data attacks – Primarily pointer-based control flow – Scans data structures within the OS Kernel • Scanning approach analogous to antivirus scans • Original version monitored all data structures all of the time Mobisys 6/30/2011 13

  14. Detecting Data-Driven Attacks Guest domain Trusted domain Gibraltar daemon Kernel Kernel Reconstruct Code Data 2 data structures Invariant Data DB ? page 3 Alert 1 Fetch Page user Hypervisor Mobisys 6/30/2011 14

  15. Problem – High Energy Cost while(1) { for all kernel data structures { get current value Continuous check against invariant Scan Idle } Must tradeoff security for energy } • Maximum security • 100 % CPU usage • Poor Energy Efficiency Mobisys 6/30/2011 15

  16. Tradeoffs for Data-Based Detectors Attack Surface All Data Function Original design Pointers of Gibraltar All Lists Process List Event Threshold: (page Static Poll Frequency changes between checks) Data (seconds) 100 50 120 10 1 0 1 5 30 Frequency of Checks Mobisys 6/30/2011 16

  17. Frequency of Checks while(1) { while(1) { every “x” seconds { for all kernel data structures { get current value for all kernel data structures { Scan Idle check against invariant get current value } check against invariant } } } Mobisys 6/30/2011 17

  18. Evaluating the Tradeoff Sweet Spot! Mobisys 6/30/2011 18

  19. Attack Surface while(1) { while(1) { for all kernel data structures { for all kernel data structures { get current value for a subset of data structures { check against invariant get current value } check against invariant } } } Mobisys 6/30/2011 19

  20. Evaluating the Tradeoff 96% of rootkits! [Petroni et al. CCS ‘07] Mobisys 6/30/2011 20

  21. Detecting Code-Driven Attacks • Patagonix [Litty et al. USENIX Security ‘08] typifies most code integrity monitoring systems • A different class of rootkits attack code – trojaned system utilities – kernel code modifications • Can protect both kernel code and user space code • Protects against a different set of attacks compared to Gibraltar Mobisys 6/30/2011 21

  22. Detecting Code-Driven Attacks Trusted domain Guest domain Patagonix daemon Code: OS & Data applications 2 Hash hash(page) ? Code DB page 3 1 Resume Alert Hypervisor guest user Mobisys 6/30/2011 22

  23. Tradeoffs for Code-Based Detectors Attack Surface Original design of Patagonix All Code Root Processes Kernel Code Poll Frequency Event Threshold: (pages (seconds) exec between checks) 341 50 120 10 1 0 1 5 30 Frequency of Checks Mobisys 6/30/2011 23

  24. Putting it Together • Cover 96% of Rootkits • Polling sweet spot – 30 sec Mobisys 6/30/2011 24

  25. Conclusion • Mobile malware is a threat • Security tools costly when energy constrained • Developed a framework to quantify the tradeoff between energy efficiency and security • Optimized two previously existing tools • Generated a “balanced” security profile Mobisys 6/30/2011 25

  26. Thank You! Fully Secure Select a security plan: Balanced Low risk High risk Learn how to conserve power More security options Smart Phone Security Center Mobisys 6/30/2011 26

  27. Randomization • Periodically scan Attack Surface • Attackers will attempt to exploit the system while idle • Randomize the time the system is idle Frequency of Checks Mobisys 6/30/2011 27

  28. Cloud Offload Feasibility Cloud offload impractical energy-wise Mobisys 6/30/2011 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTOMATIC TRADEOFFS: ACCURACY AND ENERGY Stephanie Forrest

AUTOMATIC TRADEOFFS: ACCURACY AND ENERGY Stephanie Forrest

AUTOMATIC TRADEOFFS: ACCURACY AND ENERGY Stephanie Forrest Westley Weimer Jonathan Dorn Jeremy Lacomis 1/13/17 1 Tradeoffs So6ware development involves

527 views • 28 slides
Stabilization versus Sustainability: Macroeconomic Tradeoffs Huixin Bi, Eric Leeper &

Stabilization versus Sustainability: Macroeconomic Tradeoffs Huixin Bi, Eric Leeper &

Stabilization versus Sustainability: Macroeconomic Tradeoffs Huixin Bi, Eric Leeper & Campbell Leith Bank of Canada, Indiana University & University of Glasgow March 2011 (Preliminary) Huixin Bi, Eric Leeper & Campbell Leith

361 views • 35 slides
Analysis of the Tradeoffs between Energy and Run Time for Multilevel Checkpointing Prasanna

Analysis of the Tradeoffs between Energy and Run Time for Multilevel Checkpointing Prasanna

Analysis of the Tradeoffs between Energy and Run Time for Multilevel Checkpointing Prasanna Balaprakash, Leonardo A. Bautista Gomez , Slim Bouguerra, Stefan M. Wild, Franck Cappello , and Paul D. Hovland ANL PMBS workshop @ SC14

705 views • 43 slides
Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1

Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1

Energy-performance tradeoffs for HPC applications on low power processors E. Calore 1 . Schifano 1 R. Tripiccione 1 S. F 1 INFN Ferrara and Universit degli Studi di Ferrara, Italy UnConventional High Performance Computing 2015 Euro-Par

481 views • 47 slides
Visualizing size-security tradeoffs for lattice-based encryption Daniel J. Bernstein Horizontal

Visualizing size-security tradeoffs for lattice-based encryption Daniel J. Bernstein Horizontal

Visualizing size-security tradeoffs for lattice-based encryption Daniel J. Bernstein Horizontal axis: ciphertext size Why focus on size instead of CPU time? Fitting into existing frameworks and protocols. Data from Google. Long term:

835 views • 23 slides
Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design,

Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design,

Area and Time Tradeoffs in FPGAs Examining the concept of area/time tradeoffs in FPGA design, pattern matching, and Advanced Encryption Standard (AES) Richie Ung Trang (z5061606) Harry Gougousidis (z5159917) Henry Veng (z5113239) Presentation

569 views • 30 slides
GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF

GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF

GLOBAL ENERGY SECURITY THROUGH DIALOGUE GLOBAL ENERGY SECURITY THROUGH DIALOGUE Role of IEF Neutrality IEF adds value Promoting Inclusive Global Energy Cooperation by standing for Energy Data Transparency Ministerial Meeting Outcomes

112 views • 8 slides
Exploring Tradeoffs between Programmability and Efficiency in Data-Parallel Accelerators

Exploring Tradeoffs between Programmability and Efficiency in Data-Parallel Accelerators

EECS Electrical Engineering and Computer Sciences B ERKELEY P AR L AB P A R A L L E L C O M P U T I N G L A B O R A T O R Y Exploring Tradeoffs between

793 views • 55 slides
Tradeoffs in Droplet Transport for Digital Microfluidic Biochips Johnathan Fiske, *Dan Grissom ,

Tradeoffs in Droplet Transport for Digital Microfluidic Biochips Johnathan Fiske, *Dan Grissom ,

Exploring Speed and Energy Tradeoffs in Droplet Transport for Digital Microfluidic Biochips Johnathan Fiske, *Dan Grissom , Philip Brisk University of California, Riverside 19 th Asia & South PacificDesign Automation Conference Singapore,

935 views • 77 slides
ENERGY SECURITY Dr Jarosaw Winiewski, LSEE Visiting Fellow @jarwisniewski OUTLINE 1. Energy

ENERGY SECURITY Dr Jarosaw Winiewski, LSEE Visiting Fellow @jarwisniewski OUTLINE 1. Energy

POLITICISATION OF ENERGY SECURITY Dr Jarosaw Winiewski, LSEE Visiting Fellow @jarwisniewski OUTLINE 1. Energy mix 2. Energy security in South East Europe 3. Energy security (definitions) 4. Pipelines Great pipeline rivalry South

432 views • 27 slides
Energy Security of EaP Countries and Energy Union Strategy EaP Platform 3 meeting #14 Murman

Energy Security of EaP Countries and Energy Union Strategy EaP Platform 3 meeting #14 Murman

Energy Security of EaP Countries and Energy Union Strategy EaP Platform 3 meeting #14 Murman Margvelashvili Brussels December 11, 2015 Energy Security in the Context of National Security ( example of Georgia ) National Values Freedom,

355 views • 18 slides
Energy in Transition: How Green Energy Investments Enhance Energy Security Dr. Spyros Kiartzis

Energy in Transition: How Green Energy Investments Enhance Energy Security Dr. Spyros Kiartzis

Energy in Transition: How Green Energy Investments Enhance Energy Security Dr. Spyros Kiartzis Manager New Technologies & Alternative Energy Sources 11 th International Conference on Energy and Climate Change, Athens, 10 October 2018

588 views • 21 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
REDD+ within the WEL nexus Opportunities and tradeoffs Kristy Graham May 2011 Outline What

REDD+ within the WEL nexus Opportunities and tradeoffs Kristy Graham May 2011 Outline What

REDD+ within the WEL nexus Opportunities and tradeoffs Kristy Graham May 2011 Outline What is REDD+? REDD+ as a land use option Tradeoffs of using land for REDD+ vs other uses Tradeoffs will depend on policies in other sectors

551 views • 10 slides
Solar Sailing Kinetic Energy Impactor (KEI) Bernd Dachwald Ralph Kahle Mission Design Tradeoffs

Solar Sailing Kinetic Energy Impactor (KEI) Bernd Dachwald Ralph Kahle Mission Design Tradeoffs

Solar Sailing KEI Apophis Deflection Mission Solar Sailing Kinetic Energy Impactor (KEI) Bernd Dachwald Ralph Kahle Mission Design Tradeoffs for Impacting and Bong Wie Deflecting Asteroid 99942 Apophis Outline Introduction Mission Design

513 views • 36 slides
Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and

Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and

Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and Wilson Rickerson AGENDA 1.Defense Energy and National Security 2.State Support for DoD Missions 3.Advanced Energy Security for the Home Front

697 views • 16 slides
Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names

Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names

Web Hosting and Domain Names Introduction to Web Design Web Hosting and Domain Names Introduction to Web Design Domain names serve as a more memorable reference to Domain Names Internet resources. Domain names are used to identify Internet

288 views • 11 slides
CURE Frontiers in Research Seminar Series Host Guidelines Goal for the Program: The goal of

CURE Frontiers in Research Seminar Series Host Guidelines Goal for the Program: The goal of

CURE Frontiers in Research Seminar Series Host Guidelines Goal for the Program: The goal of CUREs Frontiers in Research Seminar Series program is to expose researchers, clinicians, and students to exciting epilepsy research and provide

237 views • 5 slides
OpenStack performance optimization NUMA, Large pages & CPU pinning Daniel P. Berrang

OpenStack performance optimization NUMA, Large pages & CPU pinning Daniel P. Berrang

OpenStack performance optimization NUMA, Large pages & CPU pinning Daniel P. Berrang <berrange@redhat.com> About me Contributor to multiple virt projects Libvirt Developer / Architect 8+ years OpenStack contributor 2 years

828 views • 27 slides
How to Host a Legislation Event: Open the door to advocacy! Patrice Rachlin, NYS PTA Legislation

How to Host a Legislation Event: Open the door to advocacy! Patrice Rachlin, NYS PTA Legislation

How to Host a Legislation Event: Open the door to advocacy! Patrice Rachlin, NYS PTA Legislation Coordinator legislation@nyspta.org Who What When Where Why Learn the steps to hosting an informative legislative forum. Bring together

856 views • 16 slides
Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula

Trusted End Host Monitors for Securing Cloud Datacenters Alan Shieh Srikanth Kandula Albert Greenberg Cloud workload is dynamic and hostile Traditional datacenters Cloud datacenters Infrastructure supports small # of

241 views • 6 slides
The Role of Web Hosting Providers in Detecting Compromised Websites Davide Canali, Davide

The Role of Web Hosting Providers in Detecting Compromised Websites Davide Canali, Davide

The Role of Web Hosting Providers in Detecting Compromised Websites Davide Canali, Davide Balzarotti, Aurlien Francillon Software and System Security Group Software and System Security Group EURECOM, France EURECOM, France Motivations

335 views • 20 slides
Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS

Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS

Implementation of Host-based Overlay Multicast in Support of Web Based Services for RT-DVS Dennis Moen, Mark Pullen & Fei Zhao George Mason University {dmoen,mpullen,fzhao}@gmu.edu Network Service Requirements for Real Time Distributed

473 views • 15 slides
Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni Orenbach Prof. Mark Silberstein 1

Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni Orenbach Prof. Mark Silberstein 1

Overhead-free I/O from enclaves SysTEX'16 Trento, Italy Meni Orenbach Prof. Mark Silberstein 1 Research Statement: Enclaves are accelerators for secured execution Accelerator system services and Abstractions can be retrofitted Inspire

297 views • 28 slides

More recommend