The goal of MobSec is to improve the security of mobile devices by reducing the risk from installing and using third party applications.
Our research objectives build on each other to achieve this goal: First, we will develop dynamic analyses to automatically, faithfully and comprehensively construct models of application behavior. We will address the problem of incompleteness in dynamic analysis by replaying human interaction traces and complementing them with systematic exploration using symbolic execution. Once we are able to build models containing the interesting behavioral traits of mobile malware, we focus on detecting and containing malicious behavior. We initially target information leakage by investigating evasion-resistant information leakage detection techniques and later generalize to distinguish malicious from benign apps. To handle cases in which detection is not possible, we contain potential threats by decomposing apps in logical components: this enables the enforcement of security policies and characterization of per-component behaviors, which, being more specific, allow us to detect behavior of malicious components embedded in seemingly legitimate apps. Finally, MobSec aims at exploring virtualization extensions of CPUs to open up the possibility of in-device implementation of the aforementioned analyses.