• Corpus ID: 16726066

Mobile Malware : Why the Traditional AV Paradigm is Doomed , and How to Use Physics to Detect Undesirable Routines

  title={Mobile Malware : Why the Traditional AV Paradigm is Doomed , and How to Use Physics to Detect Undesirable Routines},
  author={Markus Jakobsson and G. W. Stewart and FatSkunk},
The traditional Anti-Virus paradigm focuses on signature-based and behavioral detection. These require substantial processing, which hurts the limited power resources of handsets. Also, carriers are reluctant and slow to deliver Firmware Over The Air (FOTA) patches, due to the rigorous testing they need to subject updates to, and the costs of over-the-air updates. A move to cloud-based screening fails to recognize that not all threats will be propagated over the backbone, may obfuscate… 
Provably Secure Virus Detection: Using The Observer Effect Against Malware
This work provides a formal model and cryptographic security definitions of attestation for systems with dynamic memory, and suggests novel provably secure attestation schemes that use the very insertion of the malware itself to allow for the systems to detect it.
Provable Virus Detection: Using the Uncertainty Principle to Protect Against Malware
A breakthrough novel approach to provably detect malware injection that uses the very insertion of the malware itself to allow for the systems to detect it, close in spirit to the famous Heisenberg Uncertainty Principle.
Secure Erasure and Code Update in Legacy Sensors
Proofs of Secure Erasure is executed to ensure that the sensor’s memory is purged before sending the updated code, ensuring that no other malicious code is being stored.
Secure Remote Attestation
  • M. Jakobsson
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2018
It is shown that it is possible to create remote attestation that is secure against all data substitution attacks, without relying on self-modifying code.
Understanding Social Engineering Based Scams
This chapter overviews how to estimate the yield of attacks, and how to identify scams that are likely to become more common, and explains why the authors see an increasing number of targeted attacks today.


Retroactive Detection of Malware with Applications to Mobile Platforms
We introduce a practical software-based attestation approach. Our new method enables detection of any active malware (e.g., malware that executes or is activated by interrupts) - even if the
Alien vs. Quine
A novel hardware inspection technique based on the injection of carefully crafted code and the analysis of its output and execution time is introduced, ascertaining that malware doesn't re-flash the BIOS to derail disk-reformatting attempts or simulate their successful completion.
Server-side detection of malware infection
An exceedingly lightweight audit mechanism is introduced to address the need for a server-side tool to determine the security posture of clients before letting them transact, and an enabling of a centralized analysis of malware-related events is promised.
SWATT: softWare-based attestation for embedded devices
This paper presents an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running.
On the difficulty of software-based attestation of embedded devices
This paper presents two generic attacks, one based on a return-oriented rootkit} and the other on code compression, and describes specific attacks on two existing proposals, namely SWATT and ICE-based schemes.
Using Software-based Attestation for Verifying Embedded Systems in Cars
With advances in automobile electronics, we find a rapid prol iferation of embedded systems in cars, both in safety-critical a pp ications and for passenger comfort. These embedded systems are
On the Difficulty of Validating Voting Machine Software with Software
It is demonstrated that the current state of the art in software-based attestation is not sufficiently robust to provide humanly verifiable voting machine integrity in practice and an attack is implemented that indicates that it is currently impractical for use.
Remote attestation on legacy operating systems with trusted platform modules
Remote Software-Based Attestation for Wireless Sensors
This paper proposes a software-based approach to verify the integrity of the memory contents of the sensors over the network without requiring physical contact with the sensor, and describes the building blocks that can be used to build a program for attestation purposes.
Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks
This work proposes two distributed software-based attestation schemes that are well tailored for sensor networks and shows that these schemes achieve high detection rate even when multiple compromised neighbors collude in an attestation process.