Learn More
We explore the threat of smartphone malware with access to on-board sensors, which opens new avenues for illicit collection of private information. While existing work shows that such " sensory malware " can convey raw sensor data (e.g., video and audio) to a remote server, these approaches lack stealthiness, incur significant communication and computation(More)
2 Motivation • Binary signature based detection inherently ineffective – We all know the problems... – Arms-race, pretty much a lost battle • Network based approaches evadable – Systems scan for communication artifacts – Encryption / blending thwart detection Why do we propose yet another malware detection scheme (yamds)? 3 Motivation • Don't rely on(More)
The emergence of cost-effective cloud services offers organizations great opportunity to reduce their cost and increase productivity. This development, however, is hampered by privacy concerns: a significant amount of organizational computing workload at least partially involves sensitive data and therefore cannot be directly outsourced to the public cloud.(More)
The design of Android is based on a set of unprotected shared resources, including those inherited from Linux (e.g., Linux public directories). However, the dramatic development in Android applications (app for short) makes available a large amount of public background information (e.g., social networks, public online services), which can potentially turn(More)
Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android's Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we(More)
Genome-wide association studies (GWAS) aim at discovering the association between genetic variations, particularly single-nucleotide polymorphism (SNP), and common diseases, which is well recognized to be one of the most important and active areas in biomedical research. Also renowned is the privacy implication of such studies, which has been brought into(More)
Since the emergence of peer-to-peer (P2P) networking in the last 90s, P2P traffic has become one of the most significant portion of the network traffic. Accurate identification of P2P traffic makes great sense for efficient network management and reasonable utility of network resources. App-level classification of P2P traffic, especially without payload(More)
Stealing of sensitive information from apps is always considered to be one of the most critical threats to Android security. Recent studies show that this can happen even to the apps without explicit implementation flaws, through exploiting some design weaknesses of the operating system, e.g., Shared communication channels such as Bluetooth, and side(More)
—The pervasiveness of security-critical external resources (e.g accessories, online services) poses new challenges to Android security. In prior research we revealed that given the BLUETOOTH and BLUETOOTH_ADMIN permissions, a malicious app on an authorized phone gains unfettered access to any Bluetooth device (e.g., Blood Glucose meter, etc.). Here we(More)
—With the rapid increase in Android device popularity , the capabilities that the diverse user base demands from Android have significantly exceeded its original design. As a result, people have to seek ways to obtain the permissions not directly offered to ordinary users. A typical way to do that is using the Android Debug Bridge (ADB), a developer tool(More)