Periodic Reporting for period 1 - BOXMATE (Mining Sandboxes for Automatic App Protection)
Reporting period: 2017-09-01 to 2019-02-28
Most apps on mobile devices require access to resources to function correctly—resources such as messages, notes, contacts, photos or the current location.
To protect this information, we have developed a technology named BOXMATE to prevent applications from undergoing unexpected behavioral changes. Our approach prevents applications from accessing, during regular use, sensitive resources it does not require while being inspected. BOXMATE can be used to significantly reduce the number of attacks which could happen on mobile applications.
In the BOXMATE ERC Proof-Of-Concept project, we have worked on extending BOXMATE from a research prototype to a full-fledged solution that could be used on arbitrary mobile apps. To this end, we developed a number of techniques that would overcome obstacles for adaptation and monetization.
1. _Test Infrastructure_: BOXMATE requires a flexible and scalable Android testing infrastructure. We developed DroidMate-2, an Android testing platform, to automatically exercise and explore the "normal" behavior of apps that would then be enforced during production.
2. _Test Generation_: To automatically identify which sensitive resources an app accesses, BOXMATE first needs to create a test which triggers such functionality. We implemented an automated test generation technique which uses information learned from a crowd of apps to more effectively test a new app.
3. _Record and Replay_: We developed our technique based on _record and replay_ ideas. Our new technique first automatically tests and record an application, using DroidMate-2, to identify its functionality and necessary sensitive resources. It then isolates each functionality and sensitive resources and replays the first test while iteratively restricting access to each identified resource. Finally, it compares the replay results against those initially recorded and identifies what happens when the functionality is unavailable.
All these techniques do and will get BOXMATE closer to monetization and exploitation. However, we found that there are still gaps between the capabilities provided by BOXMATE and the market needs; furthermore, we found that the market for mobile security solutions remains challenging, both in quantity of interested users as well as in the amounts of money users would be willing to pay. We continue to investigate opportunities, but now aim for the market of networked systems rather than mobile devices.
To protect this information, we have developed a technology named BOXMATE to prevent applications from undergoing unexpected behavioral changes. Our approach prevents applications from accessing, during regular use, sensitive resources it does not require while being inspected. BOXMATE can be used to significantly reduce the number of attacks which could happen on mobile applications.
In the BOXMATE ERC Proof-Of-Concept project, we have worked on extending BOXMATE from a research prototype to a full-fledged solution that could be used on arbitrary mobile apps. To this end, we developed a number of techniques that would overcome obstacles for adaptation and monetization.
1. _Test Infrastructure_: BOXMATE requires a flexible and scalable Android testing infrastructure. We developed DroidMate-2, an Android testing platform, to automatically exercise and explore the "normal" behavior of apps that would then be enforced during production.
2. _Test Generation_: To automatically identify which sensitive resources an app accesses, BOXMATE first needs to create a test which triggers such functionality. We implemented an automated test generation technique which uses information learned from a crowd of apps to more effectively test a new app.
3. _Record and Replay_: We developed our technique based on _record and replay_ ideas. Our new technique first automatically tests and record an application, using DroidMate-2, to identify its functionality and necessary sensitive resources. It then isolates each functionality and sensitive resources and replays the first test while iteratively restricting access to each identified resource. Finally, it compares the replay results against those initially recorded and identifies what happens when the functionality is unavailable.
All these techniques do and will get BOXMATE closer to monetization and exploitation. However, we found that there are still gaps between the capabilities provided by BOXMATE and the market needs; furthermore, we found that the market for mobile security solutions remains challenging, both in quantity of interested users as well as in the amounts of money users would be willing to pay. We continue to investigate opportunities, but now aim for the market of networked systems rather than mobile devices.