Combating the OS-Level Malware in Mobile Devices by Leveraging Isolation and Steganography
Document Type
Conference Proceeding
Publication Date
7-22-2021
Department
Department of Computer Science
Abstract
Detecting OS-level malware (e.g., rootkits) is an especially challenging problem, as this type of malware can compromise the OS and can then easily hide its intrusion behaviors or directly subvert traditional malware detectors running in either user or kernel space. In this work, we propose mobiDOM to solve this problem for mobile computing devices. The key idea of mobiDOM is to securely detect OS-level malware by fully utilizing the existing hardware security features of a mobile device. Specifically, we integrate a malware detector in the flash translation layer (FTL), a firmware layer embedded into the external flash storage which is inaccessible to the OS; in addition, we build a trusted application in the Arm TrustZone secure world, which acts as a user-level controller of the malware detector. The FTL-based malware detector and the TrustZone-based controller communicate with each other stealthily via steganography. Security analysis and experimental evaluation confirm that mobiDOM can securely and effectively detect OS-level malware.
Publication Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISBN
9783030816445
Recommended Citation
Chen, N., Xie, W., & Chen, B. (2021). Combating the OS-Level Malware in Mobile Devices by Leveraging Isolation and Steganography. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12809 LNCS, 397-413.
http://doi.org/10.1007/978-3-030-81645-2_23
Retrieved from: https://digitalcommons.mtu.edu/michigantech-p/15392