
Malware Analysis on Mobile and Commodity Computing Platforms

Manuel Egele

University of Technology in Vienna, Austria

Time: 11 a.m.
Date: Monday, March 12, 2012
Place: Room 1000 SEO

ABSTRACT
Two complementary approaches exist for analyzing potentially malicious software (malware): static and dynamic analysis. Static analysis reasons about the functionality of an application by examining the program's code in source, binary, or any intermediate representation. In contrast, dynamic analysis monitors the execution of an application and the effects the application has on its execution environment. In this talk I will present a selection of my research in both areas, static and dynamic analysis.

On commodity x86 computer systems the browser has become a central hub of activity and information. Hence, a plethora of malware exists that tries to access and leak the sensitive information stored in the browser's context. Accordingly, I will present the research and results from my dynamic analysis system (TQANA) targeting malicious Internet Explorer plugins. TQANA implements full-system data-flow analysis to monitor the propagation of sensitive data originating from within the browser. This system successfully detects a variety of spyware components that steal sensitive data (e.g., the user's browsing history) from the browser.
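The full-system data-flow (taint) analysis described above, reduced to a toy register/memory machine, as an added example that is not part of this page and not the TQANA code. Everything in it is constructed for illustration: the instruction set, the address ranges that stand in for the browser's history store and cookie jar, the register names, the `send` network sink and the trace itself are all assumptions.

```python
"""Toy whole-system taint tracker (added illustration; not the TQANA code).

A tiny register/memory machine stands in for the instrumented x86 system:
bytes read from a memory region that models the browser's history store
receive a taint label, the label follows the data through copies, arithmetic
and memory round-trips, and a tainted value handed to the network-send sink
is reported as a leak.  Instruction set, addresses and trace are constructed.
"""

# Constructed: address ranges that model sensitive browser state.
SENSITIVE_REGIONS = {
    "browser_history": (0x1000, 0x1100),
    "cookie_jar":      (0x2000, 0x2100),
}


def labels_for(addr):
    """Taint labels introduced by a read from address `addr` (a source)."""
    return {name for name, (lo, hi) in SENSITIVE_REGIONS.items() if lo <= addr < hi}


class TaintMachine:
    def __init__(self):
        self.regs = {}        # register -> value
        self.mem = {}         # address -> value
        self.reg_taint = {}   # register -> set of labels
        self.mem_taint = {}   # address -> set of labels
        self.leaks = []       # (trace index of the send, sorted labels)

    def val(self, op):
        return op if isinstance(op, int) else self.regs.get(op, 0)

    def taint(self, op):
        # Immediates are never tainted; registers carry their label set.
        return set() if isinstance(op, int) else set(self.reg_taint.get(op, set()))

    def step(self, idx, insn):
        op, *a = insn
        if op == "mov":        # mov dst, src: a copy propagates the label
            self.regs[a[0]] = self.val(a[1])
            self.reg_taint[a[0]] = self.taint(a[1])
        elif op == "load":     # load dst, [addr]: the source check happens here
            addr = self.val(a[1])
            self.regs[a[0]] = self.mem.get(addr, 0)
            self.reg_taint[a[0]] = self.mem_taint.get(addr, set()) | labels_for(addr)
        elif op == "store":    # store [addr], src: the label follows data into memory
            addr = self.val(a[0])
            self.mem[addr] = self.val(a[1])
            self.mem_taint[addr] = self.taint(a[1])
        elif op == "add":      # add dst, src: result is tainted if either input is
            self.regs[a[0]] = (self.val(a[0]) + self.val(a[1])) & 0xFFFFFFFF
            self.reg_taint[a[0]] = self.taint(a[0]) | self.taint(a[1])
        elif op == "xor":      # xor dst, src; "xor r, r" is the zeroing idiom
            if a[0] == a[1]:
                self.regs[a[0]], self.reg_taint[a[0]] = 0, set()
            else:
                self.regs[a[0]] = self.val(a[0]) ^ self.val(a[1])
                self.reg_taint[a[0]] = self.taint(a[0]) | self.taint(a[1])
        elif op == "send":     # send src: the network sink
            labels = self.taint(a[0])
            if labels:
                self.leaks.append((idx, sorted(labels)))
        else:
            raise ValueError(f"unknown instruction {op!r}")


def run_trace(trace):
    """Execute a constructed instruction trace and return the reported leaks."""
    machine = TaintMachine()
    for idx, insn in enumerate(trace):
        machine.step(idx, insn)
    return machine.leaks


# Constructed trace of a spyware component exfiltrating one history byte.
SPYWARE_TRACE = [
    ("mov",   "r1", 0x1010),   # 0: pointer into the history store
    ("load",  "r2", "r1"),     # 1: read a history byte: taint introduced
    ("mov",   "r3", "r2"),     # 2: copy keeps the label
    ("add",   "r3", 0x20),     # 3: "encoding" arithmetic does not launder it
    ("mov",   "r4", 0x5000),   # 4: scratch buffer address
    ("store", "r4", "r3"),     # 5: spill to memory ...
    ("load",  "r5", "r4"),     # 6: ... and reload: still tainted
    ("send",  "r5"),           # 7: network sink -> leak reported here
    ("xor",   "r5", "r5"),     # 8: zeroing idiom clears value and taint
    ("send",  "r5"),           # 9: nothing sensitive, no report
    ("mov",   "r6", 0x3000),   # 10: address outside any sensitive region
    ("load",  "r7", "r6"),     # 11
    ("send",  "r7"),           # 12: no report
]

if __name__ == "__main__":
    print(run_trace(SPYWARE_TRACE))
```

The `xor r, r` case is the one practitioners ask about first: a tracker that treats it as ordinary arithmetic would leave stale taint on a zeroed register and flag every later `send` of that register, so real engines special-case zeroing idioms. What the toy leaves out is the hard part of a full-system implementation, namely tracking labels at byte granularity across CPU state, memory and disk underneath an unmodified OS.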

In the mobile space, smartphones have become similar hubs for online communication and private data. The protection of this sensitive data is of great importance to many users. Therefore, I will demonstrate how my system (PiOS) leverages static binary analysis to detect privacy violations in applications targeted at Apple's iOS platform. PiOS automatically detects a variety of privacy breaches, such as the transmission of GPS coordinates or of address book contents. Applications that transmit address book contents recently came under the scrutiny of mainstream media, as many popular social network applications (e.g., Path, Gowalla, or Facebook) transmit a copy of the user's address book to their backend servers. The static analysis in PiOS is also the foundation for a dynamic enforcement system that implements control-flow integrity (CFI) on the iOS platform. This system is thus able to prevent a broad range of control-flow diverting attacks on the iOS platform.
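The source-to-sink reasoning at the heart of the static privacy analysis described above, as an added example that is not part of this page and not the PiOS code. The app is a constructed mini-IR (the statement forms `call`, `assign` and `ret` are assumptions standing in for a disassembled binary), the API names are simplified stand-ins for real iOS APIs, the two sample programs are made up, and the rule that an unknown library call taints both its result and its receiver is an assumption chosen to err on the conservative side.

```python
"""Toy static source-to-sink analysis (added illustration; not the PiOS code).

A constructed mini-IR stands in for the disassembled app: each function maps
to (parameter names, statements), with statements ("call", dst, callee, args),
("assign", dst, src) or ("ret", var).  Return values of source APIs carry a
privacy label; labels flow through assignments, through library calls and
inter-procedurally through user functions; a labelled argument reaching a sink
API is reported together with the call path that leads there.
"""

# Constructed: simplified names of iOS APIs that yield private data ...
SOURCES = {
    "ABAddressBookCopyArrayOfAllPeople": "address_book",
    "CLLocationManager.location": "gps",
}
# ... and of APIs that send data off the device.
SINKS = {"NSURLConnection.sendSynchronousRequest"}


def find_privacy_leaks(program, entry):
    """Return [(labels, call_path, sink)] for every labelled value reaching a sink."""
    leaks = []

    def analyze(fn, arg_taint, path):
        params, stmts = program[fn]
        env = {p: set(t) for p, t in zip(params, arg_taint)}   # variable -> labels
        result = set()
        for st in stmts:
            if st[0] == "assign":
                _, dst, src = st
                env[dst] = set(env.get(src, set()))
            elif st[0] == "ret":
                result |= env.get(st[1], set())
            elif st[0] == "call":
                _, dst, callee, args = st
                incoming = [set(env.get(a, set())) for a in args]  # literals are clean
                union = set().union(*incoming)
                if callee in SOURCES:
                    env[dst] = {SOURCES[callee]}
                elif callee in SINKS:
                    if union:
                        leaks.append((tuple(sorted(union)), tuple(path), callee))
                    env[dst] = set()
                elif callee in program:
                    if callee in path:          # recursion: cut the cycle
                        env[dst] = set()
                    else:
                        env[dst] = analyze(callee, incoming, path + [callee])
                else:
                    # Unknown library call (assumption): its result and its
                    # receiver (first argument) inherit the labels of all arguments.
                    env[dst] = set(union)
                    if args and args[0] in env:
                        env[args[0]] |= union
        return result

    analyze(entry, [], [entry])
    return leaks


# Constructed app: a view controller that uploads the address book and the
# device location to its backend.  Literal arguments (URL strings) carry no label.
LEAKY_APP = {
    "viewDidLoad": (["self"], [
        ("call", "book", "ABAddressBookCopyArrayOfAllPeople", []),
        ("call", "blob", "serializeContacts", ["book"]),
        ("call", "_", "uploadToBackend", ["blob"]),
        ("call", "loc", "CLLocationManager.location", []),
        ("call", "_", "NSLog", ["loc"]),                 # local logging: not a sink here
        ("call", "desc", "NSString.stringWithFormat", ["loc"]),
        ("call", "_", "uploadToBackend", ["desc"]),
    ]),
    "serializeContacts": (["people"], [
        ("call", "json", "NSJSONSerialization.dataWithJSONObject", ["people"]),
        ("ret", "json"),
    ]),
    "uploadToBackend": (["payload"], [
        ("call", "req", "NSMutableURLRequest.requestWithURL",
         ["https://api.example.invalid/upload"]),
        ("call", "_", "NSMutableURLRequest.setHTTPBody", ["req", "payload"]),
        ("call", "resp", "NSURLConnection.sendSynchronousRequest", ["req"]),
        ("ret", "resp"),
    ]),
}

# Constructed control: reads the location but only logs it locally.
BENIGN_APP = {
    "viewDidLoad": (["self"], [
        ("call", "loc", "CLLocationManager.location", []),
        ("call", "_", "NSLog", ["loc"]),
    ]),
}

if __name__ == "__main__":
    for leak in find_privacy_leaks(LEAKY_APP, "viewDidLoad"):
        print(leak)
```

The receiver-tainting rule is what makes the `setHTTPBody` flow visible: the payload never reaches the sink directly, it is attached to the request object first, and a purely return-value-based propagation would miss it. The rule over-approximates (any container mutation looks like a flow), which is why the report carries the call path from the entry method to the sink: that path is what an analyst checks to confirm or dismiss a finding.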

SHORT BIO
Manuel Egele is a post-doctoral researcher at the Computer Security Group of the Department of Computer Science at the University of California, Santa Barbara.  He received his MSc (2006) and Ph.D. (2011) degrees in computer science from the University of Technology in Vienna. His research interests span all areas of systems security -- in particular mobile security, malicious code analysis, and web security. Lately, he has started investigating current threats to social network users.