Thursday, August 23, 2012

Introduction to Virtualization on the ARM Platform

With the explosive growth of mobile devices, the profit from attacking them is also increasing at an incredible rate. In some respects, mobile devices are tied even more closely to their users. For these reasons, mobile malware is appearing at an exponential rate, especially Android malware, because Android is widely used and has an open architecture. Many recent reports also show that Android malware is increasing exponentially, such as "Dissecting Android Malware: Characterization and Evolution" in S&P'12 and the F-Secure Mobile Threat Report.

To address the rapid rise of mobile malware, both static and dynamic approaches have been proposed. However, static analysis suffers from code obfuscation and packing. In addition, static analysis fails to reveal dynamic behavior, including dynamic loading. Dynamic analysis has therefore become the standard and the future trend for analyzing Android malware.

Although dynamic analysis can overcome code obfuscation and dynamic loading, it also has some shortcomings, such as code coverage. The Android platform lacks a robust emulator that can precisely emulate common device features like GPS, SMS and phone calls, some of which are the most interesting when analyzing Android malware. However, using real devices directly for analysis is not feasible, because of damage to the real device and because it is hard to scale. One reasonable solution is to use virtualization techniques; however, there is no stable virtualization platform on ARM, because the ARM architecture does not support virtualization.

Following the trend of virtualization, Samsung proposed Xen/ARM and Columbia University proposed KVM/ARM in 2010. However, both solutions lack hardware support and incur additional memory and CPU overhead. At SOSP'11, the Columbia University Department of Computer Science announced the Cells project, which is the very first work on OS virtualization on ARM. Cells can leverage devices that are already supported by the OS without porting every device. In Taiwan, the SS Lab at NTHU is also researching virtualization on ARM. This research exposes a new possibility for Android malware analysis, one that employs real devices with virtualization, so that we can reuse and reconstruct a clean environment for analysis.
