Malware Analysis on Mobile and Commodity Computing Platforms
University of Technology in Vienna, Austria
Time: 11 a.m.,
Two complementary approaches exist to analyze potentially malicious software (malware): static and dynamic analysis. Static analysis reasons about the functionality of the analyzed application by examining the program's code in source, binary, or any intermediate representation. In contrast, dynamic analysis monitors the execution of an application and the effects the application has on its execution environment. In this talk I will present a selection of my research in both areas, static and dynamic analysis. On commodity x86 computer systems the browser has become a central hub of activity and information. Hence, a plethora of malware exists that tries to access and leak the sensitive information stored in the browser's context. Accordingly, I will present the research and results from my dynamic analysis system (TQANA) targeting malicious Internet Explorer plugins. TQANA implements full-system data-flow analysis to monitor the propagation of sensitive data originating from within the browser. This system successfully detects a variety of spyware components that steal sensitive data (e.g., the user's browsing history) from the browser.
In the mobile space, smartphones have become similar hubs for online communication and private data. The protection of this sensitive data is of great importance to many users. Therefore, I will demonstrate how my system (PiOS) leverages static binary analysis to detect privacy violations in applications targeted at Apple's iOS platform. PiOS automatically detects a variety of privacy breaches, such as the transmission of GPS coordinates or leaked address books. Applications that transmit address book contents recently came into the focus of mainstream media, as many popular social network applications (e.g., Path, Gowalla, or Facebook) transmit a copy of the user's address book to their backend servers. The static analysis in PiOS is also the foundation for a dynamic enforcement system that implements control-flow integrity (CFI) on the iOS platform. Thus, this system is suitable for preventing the broad range of control-flow diverting attacks on the iOS platform.
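Both systems described above reason about data flowing from a sensitive source (browsing history, GPS, the address book) to a sink such as a network send. The following is an added toy taint tracker, written for this page and not code from TQANA, PiOS, or the talk; the instruction trace, register names, the "history" label and the collector URL are all constructed for illustration. It shows the core idea of dynamic data-flow analysis: a label attached at the source survives copying, concatenation and encoding, and a labelled value reaching a sink is reported as a leak.

```python
import base64
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tainted:
    data: str
    labels: frozenset = frozenset()  # sensitive sources this value derives from

@dataclass
class TaintTracker:
    regs: dict = field(default_factory=dict)
    leaks: list = field(default_factory=list)

    def execute(self, trace):
        """Interpret (op, *args) tuples, propagating labels; returns the leaks seen."""
        for op, *args in trace:
            if op == "source":   # dst, label, value: data read from a sensitive store
                dst, label, value = args
                self.regs[dst] = Tainted(value, frozenset({label}))
            elif op == "const":  # dst, value: an untainted literal
                dst, value = args
                self.regs[dst] = Tainted(value)
            elif op == "concat": # dst, a, b: labels of both inputs are merged
                dst, a, b = args
                va, vb = self.regs[a], self.regs[b]
                self.regs[dst] = Tainted(va.data + vb.data, va.labels | vb.labels)
            elif op == "b64":    # dst, src: encoding must not launder the label
                dst, src = args
                v = self.regs[src]
                self.regs[dst] = Tainted(base64.b64encode(v.data.encode()).decode(), v.labels)
            elif op == "sink":   # name, src: e.g. a network send; labelled data is a leak
                name, src = args
                v = self.regs[src]
                if v.labels:
                    self.leaks.append((name, sorted(v.labels), v.data))
        return self.leaks

# Constructed trace: a plugin reads a history entry, encodes it, and sends it.
CONSTRUCTED_TRACE = [
    ("source", "r1", "history", "https://bank.example/login"),
    ("const", "r2", "https://collector.example/?u="),
    ("b64", "r3", "r1"),
    ("concat", "r4", "r2", "r3"),
    ("sink", "net_send", "r4"),
    ("const", "r5", "keepalive"),
    ("sink", "net_send", "r5"),  # untainted traffic is not reported
]

def find_leaks(trace=CONSTRUCTED_TRACE):
    return TaintTracker().execute(trace)
```

Running `find_leaks()` reports one leak at `net_send` labelled `history`, even though the history entry was base64-encoded before transmission; the untainted keepalive send produces no report.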