Contextually-Aware Mobile Security: Identification, Variation and Fixing of Mobile Threats.

Abstract

Numerous apps on the mobile-app market, such as team-management apps, present opportunities beyond traditional mobile and email communications, greatly enhancing the productivity and mobility of employees in companies. However, these apps may contain unwanted behaviors, such as information leakage and root exploits, and thus violate enterprise security policies. Unwanted behaviors in mobile apps can evade detection during app analysis by mimicking the security-sensitive behaviors of benign apps that provide similar functionality (e.g., sending SMS messages), and by suppressing their payload to reduce the chance of being observed (e.g., executing their payload only at night). Since current approaches focus their analyses on the types of security-sensitive resources being accessed (e.g., network), these evasive techniques make differentiating between unwanted and benign app behaviors a difficult task during app analysis. In this talk, I propose that unwanted and benign behaviors within apps can be differentiated based on the contexts that trigger security-sensitive behaviors, i.e., the events and conditions that cause the security-sensitive behaviors to occur. I will first introduce AppContext, a static program analysis approach that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors. Then, I will introduce WHYPER, a technique that explains why sensitive user information is used by applications, to help users make better decisions when granting permissions. Next, I will briefly mention the malware recomposition variation (MRV) technique, which can attack the proposed contextually-aware detection technique by systematically producing malware variants. Last, I will introduce Smar (Systematic Mobile App Repair), which iteratively repairs unwanted behaviors at all four levels of granularity (“where”, “when”, “what”, and “how”).

Date
Event
In IBM Thomas J. Watson Research Center
Location
Yorktown Heights, NY