Bo Chen (CS/CyberS) is Principal Investigator on a project that has received a $199,975 research and development grant from the National Science Foundation. The project is titled “EAGER: Enabling Secure Data Recovery for Mobile Devices Against Malicious Attacks.” This is a potential two-year project.
Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly used “off-device” backup mechanism, however, suffers from a fundamental limitation that, the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users.
A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.
Link to an Unscripted article about related research at https://www.mtu.edu/unscripted/stories/2018/march/how-to-speed-up-bare-metal-malware-analysis-and-better-protect-mobile-devices.html.