Mobile System Security
Smartphones have become one of the most valuable attack targets due to its popularity. Most mobile malware aims to steal a huge amount of sensitive user data kept in smartphones, e.g., emails, contacts, and photos. Therefore, we should develop effective solutions to protect such private data from attackers.
To prevent various attacks, mobile system platforms such as Android adopt a permission based mechanism that restricts the capabilities of an application pursuant to the application specification and a user’s approval. The security mechanism specifies whether an application can access sensitive user data or system resources.
However, restricting the capabilities of individual applications still has security problems because a malicious application can bypass the restriction by exploiting some vulnerabilities. We are currently focusing:
- Analyzing existing security enforcements adopted smartphones
- Identifying security holes attackers can abuse to conduct certain attacks
- Implementing security extensions to mitigate the attacks