Figure 1: decoupling security checks from the phone
In the Paranoid Android project, we propose an alternative
solution (shown in Figure 1), where security checks are applied on
remote security servers which host exact replicas of the phones in
virtual environments. The servers are not subject to the same
constraints as the phones, allowing us to apply multiple detection
techniques simultaneously (including ones that are very heavyweight).
Moreover, as the full execution trace is preserved on the security
server, attackers cannot hide their traces. This property ensures that
attacks for which a detection method exists at the security server,
even if the detection method is installed at a later time, are
eventually detectable. This is a stronger guarantee than existing
solutions can give. It allows administrators to trade server resources
for security by specifying how far back in time they want to be able
to start looking for intrusions with a new detection method. We
implemented the security model for Android phones and show that it is
both practical and scalable: we generate about 2 KiB/s and 64 B/s of
trace data under high load and idle operation respectively, and are
able to support more than a hundred replicas on a single server.
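The two properties described above (a retained execution trace that a later-installed detection method can still be run over, and a retention window that an administrator sizes by trading server storage for look-back time) are illustrated by the following added example. It is not the Paranoid Android project's code: the trace format, the event names, the rule in `dropped_then_executed` and the sample events are all constructed for this illustration; only the trace rates (about 2 KiB/s under high load, 64 B/s idle) come from the text.

```python
"""Retroactive detection over a retained replica trace (illustrative model)."""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Deque, List

KIB = 1024


@dataclass(frozen=True)
class TraceEvent:
    ts: float      # seconds since the replica started (constructed clock)
    kind: str      # constructed event classes: "file", "exec", "net"
    target: str    # path or address the event acted on (constructed)


# A detector takes the retained trace (oldest first) and returns alert strings.
Detector = Callable[[List[TraceEvent]], List[str]]


def retention_seconds(budget_bytes: int, trace_rate_bytes_per_s: float) -> float:
    """Seconds of trace history a storage budget buys at a given trace rate.

    The rates from the text serve as the load model: about 2 KiB/s of trace
    under high load and 64 B/s when idle.
    """
    if trace_rate_bytes_per_s <= 0:
        raise ValueError("trace rate must be positive")
    return budget_bytes / trace_rate_bytes_per_s


class TraceStore:
    """Append-only trace of one replica, bounded by a retention window."""

    def __init__(self, retention_s: float) -> None:
        self.retention_s = retention_s
        self.events: Deque[TraceEvent] = deque()

    def record(self, ev: TraceEvent) -> None:
        self.events.append(ev)
        # Expire events that fall outside the window relative to the newest one;
        # the loop stops at the newest event itself (age 0).
        while ev.ts - self.events[0].ts > self.retention_s:
            self.events.popleft()

    def install_detector(self, detector: Detector) -> List[str]:
        """Install a detection method and run it over everything still retained.

        This is the retroactive check the text describes: the detector did not
        exist when the events were recorded, yet it still sees them.
        """
        return detector(list(self.events))


def dropped_then_executed(trace: List[TraceEvent]) -> List[str]:
    """Constructed rule: a path the phone wrote and later executed."""
    written = set()
    alerts: List[str] = []
    for ev in trace:
        if ev.kind == "file":
            written.add(ev.target)
        elif ev.kind == "exec" and ev.target in written:
            alerts.append(f"t={ev.ts:.0f}: executed previously written file {ev.target}")
    return alerts


def demo() -> List[str]:
    # 10 GiB of server storage at the high-load rate of 2 KiB/s per replica.
    store = TraceStore(retention_s=retention_seconds(10 * KIB**3, 2 * KIB))
    for ev in (  # constructed sample trace
        TraceEvent(10, "net", "203.0.113.10:443"),
        TraceEvent(20, "file", "/data/local/tmp/stage2"),
        TraceEvent(35, "exec", "/data/local/tmp/stage2"),
    ):
        store.record(ev)
    # The detector is installed after the events happened and still finds them.
    return store.install_detector(dropped_then_executed)


if __name__ == "__main__":
    for line in demo():
        print(line)
    days = retention_seconds(10 * KIB**3, 2 * KIB) / 86400
    print(f"{days:.1f} days of high-load trace per 10 GiB of server storage")
```

The retention window is computed per replica from the measured trace rate, so the same budget buys roughly 32 times more look-back for an idle phone than for one under high load; sizing it from the high-load rate gives the conservative guarantee.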
Publications
Herbert