Proactive restart as cyber maneuver for Android

Moving-target defense is an effective strategy for deflecting cyber attacks. The widespread use of smartphones in the tactical field requires novel ways of securing smartphones against an ever-increasing number of zero-day attacks. We propose a new, proactive approach for securing smartphone apps against certain classes of attacks. We leverage smartphones' native support for quick and lossless restarts to make application restart a cyber maneuver meant to deflect and confuse attackers. We propose a time-series entropy metric to quantify attack resilience. We apply our approach to 12 popular Android apps chosen from a variety of domains, including online banking and shopping. Preliminary experiments using proactive restarts on these apps show that restart is a promising way of increasing attack resilience against a certain class of side-channel attacks named Activity Inference attacks.
