AsianScientist (Jan. 22, 2020) – By Juliana Chan – From 2013 to 2019, the number of applications (apps) available in the Google Play Store jumped from one million to 2.7 million. With the majority of apps being free of charge, most mobile phone users will download a trending app without worrying too much about malware and other security issues.
Unlike for most individuals, cybersecurity concerns are a top priority for Associate Professor Gao Debin of the Singapore Management University (SMU) School of Information Systems. He is the recipient of two grants focused on improving the security of programs executing on desktop computers, servers and mobile devices.
Under the first grant, the National Satellite of Excellence – Mobile Systems Security and Cloud Security (NSOE MSS-CS), Professor Gao and collaborators Associate Professor Li Yingjiu (SMU) and Research Assistant Professor Wu Daoyuan (The Chinese University of Hong Kong) will evaluate the security of Android apps available in the Google Play Store.
In the project, titled “Fine-grained Dynamic Analysis and Scalable Static Analysis for Android Applications” and administered by SMU, the research team will study the security of Android apps in three practical settings and propose novel solutions for each.
In the first setting, an in-lab environment, they will use handsets with built-in monitors to trace the execution of apps by individuals. In the second setting, a crowd-sourcing environment, the researchers will deploy a third-party app to perform dynamic monitoring on regular mobile devices. Finally, the researchers will propose a static analysis technique to study apps on Android app markets (such as the Google Play Store) in a scalable manner.
“Upon completion of our MSS project, we will have three platforms for the security evaluation of Android apps, so that their behaviours are accurately and completely revealed before they are published on the market for the general public to download and use,” said Professor Gao.
Toughening up computer programs
For the second grant, the National Satellite of Excellence – Trustworthy Software Systems (NSOE-TSS), Professor Gao and Co-Principal Investigator SMU Associate Professor David Lo aim to deliver automatic systems that improve the security and efficacy of computer programs.
In the project, titled “Enhanced function signature recovery for control-flow integrity enforcement on compiler optimised executables” and administered by the National University of Singapore, the research team will use a technique called control-flow integrity to ‘regulate’ the execution of programs so that they cannot deviate from their intended execution paths.
One critical element of the project is accurately recognising the signatures of individual functions inside a program, so that transitions among all functions can be properly regulated.
“Existing solutions to this problem assume proper function calling conventions, which are usually violated by programs optimised for high performance,” said Professor Gao.
Here, the researchers will systematically evaluate the extent to which existing solutions fail due to program optimisation, then propose novel rule- and heuristic-based solutions that can accurately handle optimised programs. They will also propose machine learning techniques to automatically learn optimisation strategies potentially used by future programs.
“Our TSS project provides an automatic way of hardening executable programs so that they will not deviate from their intended execution, even if a vulnerability exists and attackers try to exploit it,” he said.
Asian Scientist Magazine is a media partner of the Singapore Management University Office of Research & Tech Transfer.