Funding: the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805); the National Natural Science Foundation of China (Nos. 61161140320 and 61233016); Intel Research Council with the title of Security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture
Abstract: With the explosive increase in mobile apps, more and more threats migrate from traditional PC client to mobile device. Compared with traditional Win+Intel alliance in PC, Android+ARM alliance dominates in Mobile Internet, the apps replace the PC client software as the major target of malicious usage. In this paper, to improve the security status of current mobile apps, we propose a methodology to evaluate mobile apps based on cloud computing platform and data mining. We also present a prototype system named MobSafe to identify the mobile app's virulence or benignancy. Compared with traditional method, such as permission pattern based method, MobSafe combines the dynamic and static analysis methods to comprehensively evaluate an Android app. In the implementation, we adopt Android Security Evaluation Framework (ASEF) and Static Android Analysis Framework (SAAF), the two representative dynamic and static analysis methods, to evaluate the Android apps and estimate the total time needed to evaluate all the apps stored in one mobile app market. Based on the real trace from a commercial mobile app market called AppChina, we can collect the statistics of the number of active Android apps, the average number of apps installed in one Android device, and the expanding ratio of mobile apps. As mobile app market serves as the main line of defence against mobile malwares, our evaluation results show that it is practical to use cloud computing platform and data mining to verify all stored apps routinely to filter out malware apps from mobile app markets. As the future work, MobSafe can extensively use machine learning to conduct automotive forensic analysis of mobile apps based on the generated multifaceted data in this stage.
Funding: supported by the National Natural Science Foundation of China (Nos. 61402357, 61272459, and 61402357); the China Postdoctoral Science Foundation (No. 2015M570835); the Fundamental Research Funds for the Central Universities, China; the Program for New Century Excellent Talents in University; the CETC 54 Project (No. ITD-U14001/KX142600008)
Abstract: Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller's capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attack. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.