EPSRC logo

Details of Grant 

EPSRC Reference: EP/L022710/1
Title: MobSec: Malware and Security in the Mobile Age
Principal Investigator: Cavallaro, Professor L
Other Investigators:
Kinder, Professor J
Researcher Co-Investigators:
Project Partners:
McAfee Labs
Department: Information Security
Organisation: Royal Holloway, Univ of London
Scheme: Standard Research
Starts: 10 November 2014 Ends: 31 August 2018 Value (£): 747,777
EPSRC Research Topic Classifications:
Fundamentals of Computing Mobile Computing
Modelling & simul. of IT sys. Networks & Distributed Systems
EPSRC Industrial Sector Classifications:
Communications Information Technologies
Related Grants:
Panel History:
Panel DatePanel NameOutcome
22 Jan 2014 BACCHUS Full Proposals Announced
Summary on Grant Application Form
With more than 1 billion of activations reported on Sep 2013, Android mobile devices have become ubiquitous with trends showing that such a pace is unlikely slowing down. Android devices are extremely appealing: powerful, with a functional and easy-to-use user interface to access sensitive user and enterprise data, they can easily replace traditional computing devices, especially when information is consumed rather than produced. Application marketplaces, such as Google Play, drive the entire economy of mobile applications. For instance, with more than 1 million installed apps and a share of 35%, Google Play has generated revenues exceeding 9 billion USD. Such a wealthy and quite unique ecosystem with high turnovers and access to sensitive data has unfortunately also attracted the interests of cybercriminals, with malware now hit- ting Android devices at an alarmingly rising pace. Privacy breaches (e.g., access to address book and GPS coordinates), monetization through premium SMS and calls, and colluding malware to bypass 2-factor authentication schemes have become real threats. Recent studies report how mobile marketplaces have been abused to host malware or seemingly legitimate applications embedding malicious components. This clearly reflects the shift from an environment in which malware was developed for fun, to the current situation, where malware is spread for financial profit.

Given the limitations of the state-of-the-art just outlined and according to the security roadmap provided by the European Network of Excellence SysSec, it is clear that "[...] more research focused on the development of defensive tools and techniques that can be deployed to the current smartphone systems to detect and prevent attacks against the device and its applications is needed". MobSec wants to fill this gap with a well-rounded practical research proposal.

The goal of MobSec is to improve the security of mobile devices by reducing the risk from installing and using third party applications.

Our research objectives build on each other to achieve this goal: First, we will develop dynamic analyses to automatically, faithfully and comprehensively construct models of application behavior. We will address the problem of incompleteness in dynamic analysis by replaying human interaction traces and complementing them with systematic exploration using symbolic execution. Once we are able to build models containing the interesting behavioral traits of mobile malware, we focus on detecting and containing malicious behavior. We initially target information leakage by investigating evasion-resistant information leakage detection techniques and later generalize to distinguish malicious from benign apps. To handle cases in which detection is not possible, we contain potential threats by decomposing apps in logical components: this enables the enforcement of security policies and characterization of per-component behaviors, which, being more specific, allow us to detect behavior of malicious components embedded in seemingly legitimate apps. Finally, MobSec aims at exploring virtualization extensions of CPUs to open up the possibility of in-device implementation of the aforementioned analyses.
Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: