iSec Research Projects

Android Security

The volume of Android malware has increased greatly during the last few years. Static analysis is widely used to detect such malware by analyzing the code without executing it. However, the effectiveness of current tools depends on the app model as well as the malware detection algorithm that analyzes the app model. If the model and/or the algorithm is inadequate, then sophisticated attacks that are triggered by a specific sequence of events will not be detected. This paper presents the Dexteroid framework, which is based on reverse-engineered life cycle models that accurately capture the behaviors of Android components. Furthermore, Dexteroid systematically derives event sequences from the models, and uses them to detect attacks launched by a specific ordering of events. A prototype implementation of Dexteroid has been used to conduct a series of experiments, which show that the proposed framework is effective and efficient in terms of precision, recall, and execution time.

> For more information, see Dexteroid: Detecting Malicious Behaviors in Android Apps Using Reverse-Engineered Life Cycle Models

Usable Security and Privacy

We are exploring designs of systems and interfaces that enable effective security and privacy without placing an excessive burden on users. Our main focus has been on the design of password systems that use system-assigned random passwords but enable high memorability through the use of cues and memory techniques. We draw on theories from cognitive psychology to guide our exploration and also leverage techniques from psychometrics to develop metrics for usability and generalizability. Beyond this, we are interested in alternatives to security warnings that many users ignore, and the use of nudges to improve privacy outcomes.

Anonymous Communications

Traffic analysis can expose a great deal about sensitive relationships; anonymous communications systems are a promising technology to stop this kind of information leakage. We focus on ways to stop long-term attacks against these systems, as well as the application of anonymity to wireless and ad-hoc networks.

> See our project page

Security Monitoring using Sensor Networks

Wireless sensor networks have tremendous promise for monitoring a region, such as a border or a secured facility. In this project, we are developing comprehensive solutions to make such monitoring effective against powerful, adaptive attackers. This includes defenses against such problems as network jamming attacks, probing and evasive intruders, and wide-scale node compromise. By addressing these issues together, we will be able to create a network architecture that combines our solutions and makes security monitoring with sensor networks an effective and powerful tool.

> See our Border Security project page

Incentives in Security and Privacy

Most security problems are posed as black and white issues, but many times, models based on incentives are more appropriate. In this work, we find areas in which incentives can be added to systems to enhance their security properties, and we use game-theoretic analysis to understand how incentives play out in existing systems. Research includes incentives for worm detection, anonymous communications, and digital rights management.