NATIONAL SCIENCE FOUNDATION Award 1617424 to Gupta, Rajiv: TWC: Small: Collaborative: Improving Android Security with Dynamic Slicing

Rajiv Gupta
Distinguished Professor & Assoc. Dean for Academic Personnel
Computer Science & Engineering
rajivg@ucr.edu
(951) 827-2558

UCR Grants Archive

TWC: Small: Collaborative: Improving Android Security with Dynamic Slicing

AWARD NUMBER

008261-002

FUND NUMBER

33260

STATUS

Closed

AWARD TYPE

3-Grant

AWARD EXECUTION DATE

6/3/2016

BEGIN DATE

9/1/2016

END DATE

8/31/2019

AWARD AMOUNT

$250,000

Sponsor Information

SPONSOR AWARD NUMBER

1617424

SPONSOR

NATIONAL SCIENCE FOUNDATION

SPONSOR TYPE

Federal

FUNCTION

Organized Research

PROGRAM NAME

Proposal Information

PROPOSAL NUMBER

16040435

PROPOSAL TYPE

New

ACTIVITY TYPE

Basic Research

PI Information

Gupta, Rajiv

PI TITLE

Other

PI DEPTARTMENT

Computer Science & Engineering

PI COLLEGE/SCHOOL

Bourns College of Engineering

CO PIs

Project Information

ABSTRACT

Mobile devices have been very successful and continue to expand their user base. However, the very features that have made these devices successful, e.g., rich sensor inputs (GPS, camera, microphone) and continuous Internet connectivity, have also made the devices a favorite target for attackers. Attacks can have many negative consequences, from stealing users' secrets to spying on the users or installing viruses that render devices inoperable. This project will develop dynamic slicing techniques so that developers and researchers will be able to gain effective insights into device and app behavior, including malicious apps; this will make it easier to construct secure apps and to find/eliminate malicious behavior, which in turn will benefit mobile device users. Undergraduate and graduate students will be introduced to new approaches to smartphone security, which will make students better equipped for tackling emerging software research and development challenges.

Dynamic slicing (analyzing an execution to identify relevant code and data dependences) is a particularly effective technique for addressing a wide range of security problems. This project will develop a dynamic slicer for Android and then use the slicer, as well as its integration with other existing tools, for three main security applications. First, improving dynamic taint analysis via efficient, effective, integrated control/data slicing. Second, finding relevant parts in the input to identity which sensor stream and part thereof are responsible for security-relevant behavior, e.g., attack, crash, botnet operation, or use of anti-detection techniques. Third, Undo Computing, in particular combining slicing with record-and-replay to support undo computing on Android. These lines of work are expected to lead to advances in: security, e.g., precise and effective dynamic taint tracking, finding leaks due to control dependences, understanding botnet behavior, principled discovery of anti-detection techniques, separating benign from malicious state changes; and program analysis, e.g., slicing programs that are event-oriented or rely heavily on inter-process communication; computing input/data/code interdependences in the presence of high-throughput event streams.

(Abstract from NSF)