Mobile devices are becoming an indispensable part of work for corporations and governments to store and process sensitive information. Thus, it is important for remote administrators to maintain ...control of these devices via Mobile Device Management (MDM) solutions. ARM TrustZone has been widely regarded as the de facto solution for protecting the security-sensitive software, such as MDM agents, from attacks of a compromised rich OS. However, little attention has been given to protecting the MDM control channel, a fundamental component for a remote administrator to invoke the TrustZone-based MDM agents and perform specific management operations. In this work, we design an ARM TrustZone-based network mechanism, called TZNIC, towards enabling resilient and secure access to TrustZone-based software, even in the presence of a malicious rich OS. TZNIC deploys two NIC drivers, one secure-world driver and one normal-world driver, multiplexing one physical NIC. We utilize the ARM TrustZone-based high privilege to protect the secure-world driver and further resolve several challenges on sharing one set of hardware peripherals between two isolated software environments. TZNIC does not require any changes or collaboration of the rich OS. We implement a prototype of TZNIC, and the evaluation results show that TZNIC can provide a reliable network channel to invoke the security software in the secure world, with minimal system overhead on the rich OS.
The mobile processors with the increasing computational capabilities and software supports for the devices equipped by them have attracted the researchers' attention to check whether they can be used ...for solving complex problems or not. In this study, we used a mobile device powered by an ARM® based processor as a test environment for Artificial Bee Colony (ABC) algorithm that is modelling intelligent foraging behavior of real honey bees. Experimental studies conducted by utilizing a set of high dimensional numeric problems showed that serial and parallel implementations of the ABC algorithm is successfully operated on the mobile device by producing similar results when compared to the serial and parallel counterparts run on a cluster containing conventional processors.
ACMiner Gorski, Sigmund Albert; Andow, Benjamin; Nadkarni, Adwait ...
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy,
03/2019
Conference Proceeding
Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the ...enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code.
The advent of smart sensors and the IoT technology, along with the horizontal evolvement of the fabrication technology, offered new opportunities for the development of safety systems in hazardous ...areas. Nowadays, there are more and more demands for smart equipment to be used by the rescue teams, which to allow them to gather real time information about the hazardous incident causes and its development, thus helping them to plan the adequate rescue strategy, with minimal casualties and maximal rescue results. The TESTES project consortium aims the development of a new generation of sensors, based on deposition of nanofibers and porous films. Those sensors are designed to be used on mobile platforms, as smart sensors. The resulting sensors must be integrated on two classes of mobile platforms: a portable device, which to be carried on by each one of the on-site rescue team members; and a mobile robot platform, which to be teleoperated or which to autonomously move in a hazardous environment. In the current paper we will present the data reading module, the remote transmission module, and the integration of them on the portable device and on the mobile robot platform.
To improve the effect of mobile learning, we should not only deepen learners' understanding of study, but also constantly improve the mobile learning mode. Therefore, from the perspective of English ...vocabulary deep learning, this paper investigates the main mobile vocabulary learning in the functional architecture and its advantages and disadvantages in promoting English vocabulary, and designs and develops a mobile platform oriented English vocabulary deep learning system. The development environment of the platform is J2EE development platform and the Android client uses MyEclipse ADT tool to develop the mobile client according to the Android development library. The scheme also realizes the communication between the client and the server. The system test analysis shows that the scheme can realize the intelligent evaluation of English deep learning, ensure the scientificity and objectivity of vocabulary deep learning, and improve the teaching efficiency.
Over the past decade, the Android operating system install-base has proliferated to billions of devices, rivaling Microsoft Windows as a top computing platform. One of the most attractive aspects of ...Android is its vast collection of applications, available from application stores such as Google's Play Store. Developers have been drawn to Android due to its semantically-rich runtime APIs, which simplify the creation of third-party applications. Many of these APIs provide access to security- and privacy-sensitive information and resources such as the device's geographic location, audio recorded from the device's microphone, and the ability to send and receive SMS messages. In providing these APIs to third-party applications, the Android OS has implicitly taken responsibility for their protection, increasing its access control burden. As a result, current versions of Android have thousands of manually placed access control checks throughout the platform. The goal of this talk is to motivate the need for and utility of semi-automated tools to analyze and validate the access control checks that occur within Android's system code. The challenges are two-fold. First, analysis of Android's middleware code is more challenging than that of third-party applications, which has been studied in-depth over the past decade 3-5. The code spans hundreds of system services, which are implemented in a combination of Java, C++, and C. The system services also have heavy inter-dependencies with one another, frequently invoking entry points in each other using Android's Binder inter-process communication (IPC) framework within the Linux kernel. Second, identifying what is an access control check is nontrivial. While there are well-known checks based on user-authorized permissions and Linux-layer user and group identifiers, system services also use an array of different service-specific checks that must be captured and modeled to assess the correctness of access control enforcement. In this talk, we will discuss these challenges in the context of two case studies. We will begin by discussing ACMiner 6, a tool designed to assess the correctness of access control checks in Android's middleware using consistency analysis. For each Binder entry point in each system service, ACMiner statically analyzes the code to identify all potential access control checks. To do so, ACMiner uses the names of methods and variables and the values of constant strings used in conditional statements to infer the security-semantics of each check on the control-flow path to instructions that throw a SecurityException. ACMiner then uses association rule mining to identify not only which entry points have inconsistent access control checks, but also to suggest what checks should be added. In applying ACMiner to the Android Open Source Project (AOSP), we found the suggestions to be invaluable when determining whether or not an inconsistency was a vulnerability. Next, we discuss the Android Re-Delegation Finder (ARF) 7. When designing ACMiner, we optimized our static program analysis by terminating the control-flow analysis of an entry point when the execution reaches another entry point in the same or different system service. Upon further study, we found that entry points frequently call one another, often changing the protection domain of execution when they do (e.g., by explicitly clearing the calling identity, or calling the entry point of a system service executing in a different process). As with most modern operating systems, Android uses deputies (i.e., system services) to safely perform privileged functionality on behalf of third-party applications. Deputies are inherently necessary for the protection of system resources. However, by losing the calling identity, entry points to Android's system services can become confused deputies. ARF builds on the access control policy extracted by ACMiner to identify potential confused deputy vulnerabilities. Neither ACMiner or ARF were designed to eliminate all false positives. In a code-base as vast as Android, it is unrealistic to expect every nuance can be captured programmatically. Instead, ACMiner and ARF were designed to be semi-automated. Our goal is to drastically reduce the amount of time it takes for a security analyst with domain expertise to identify and fix vulnerabilities. Over the course of our research, we have applied our tools to AOSP versions~7, 8, and 9, discovering many vulnerabilities, seven of which have been assigned CVEs by Google. Moving forward, we hope that our tools can be used not only to identify new vulnerabilities, but also to aid regression testing as new versions of Android are released. Both tools have been made open-source and are hosted on Github 1,2.
SecDeep Liu, Renju; Garcia, Luis; Liu, Zaoxing ...
Proceedings of the International Conference on Internet-of-Things Design and Implementation,
05/2021
Conference Proceeding
There is an increasing emphasis on securing deep learning (DL) inference pipelines for mobile and IoT applications with privacy-sensitive data. Prior works have shown that privacy-sensitive data can ...be secured throughout deep learning inferences on cloud-offloaded models through trusted execution environments such as Intel SGX. However, prior solutions do not address the fundamental challenges of securing the resource-intensive inference tasks on low-power, low-memory devices (e.g., mobile and IoT devices), while achieving high performance. To tackle these challenges, we propose SecDeep, a low-power DL inference framework demonstrating that both security and performance of deep learning inference on edge devices are well within our reach. Leveraging TEEs with limited resources, SecDeep guarantees full confidentiality for input and intermediate data, as well as the integrity of the deep learning model and framework. By enabling and securing neural accelerators, SecDeep is the first of its kind to provide trusted and performant DL model inferencing on IoT and mobile devices. We implement and validate SecDeep by interfacing the ARM NN DL framework with ARM TrustZone. Our evaluation shows that we can securely run inference tasks with 16× to 172× faster performance than no acceleration approaches by leveraging edge-available accelerators.
Advertisement libraries are used in almost two-thirds of apps in Google Play. To increase economic revenue, some app developers tend to entice mobile users to unexpectedly click ad views during their ...interaction with the app, resulting in kinds of ad fraud. Despite some popular ad providers have published behavioral policies to prevent inappropriate behaviors/practices, no previous work has studied whether mobile apps comply with those policies. In this paper, we take Google Admob as the starting point to study policy-violation apps. We first analyze the behavioral policies of Admob and create a taxonomy of policy violations. Then we propose an automated approach to detect policy-violation apps, which takes advantage of two key artifacts: an automated model-based Android GUI testing technique and a set of heuristic rules summarized from the behavior policies of Google Admob. We have applied our approach to 3,631 popular apps that have used the Admob library, and we could achieve a precision of 86% in detecting policy-violation apps. The results further show that roughly 2.5% of apps violate the policies, suggesting that behavioral policy violation is indeed a real issue in the Android advertising ecosystem.
PDF
