
Mobile Malware: Why the traditional AV paradigm is doomed, and how - PowerPoint PPT Presentation

  1. Mobile Malware: Why the traditional AV paradigm is doomed, and how to use physics to detect undesirable routines. Guy Stewart, VP Engineering, Fatskunk Inc.

  2. The Malware Problem: Trojans, Rootkits, the Zero Day Apocalypse

  3. Threats

  4. Threats

  5. Untrustworthy Supply Chains

  6. Software Attestation: Introduction to Software Attestation using Principles of Physics

  7. Approach: Measure by Displacement

  8. The software Space / Time trade-off

  9. Approach (build-up slide; figure shows a memory map labelled monolith kernel, malware, honest software / data / passive malware, and cache)
     1. Stop execution of all programs (malware may refuse)

  10. Approach (same figure, step 2 added)
     2. Overwrite "free" memory with pseudo-random content (malware refuses again)

  11. Approach (same figure, step 3 added)
     3. Compute keyed digest of all memory (access order unknown a priori)

  12. Verify results
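The three steps of slides 9 to 11 and the verification of slide 12, modelled as an added example (this is illustrative code written for this page, not FatSkunk's implementation). The verifier issues a seed and a key; the device must fill all free memory with seed-derived filler and return a keyed digest of all memory read in a seed-dependent order. Wall-clock timing is replaced by a step counter, and the memory sizes, the stand-in kernel, attestation routine and malware images, and the per-hash cost of 32 steps are all assumptions of the model.

```python
"""Toy model of displacement-based software attestation (added example).

Models the slide steps: the device overwrites free memory with filler derived
from a challenge seed, then hashes all memory in a seed-dependent order. A step
counter stands in for wall-clock time; the sizes and costs are assumptions.
"""
import hashlib
import hmac
import random

MEM_SIZE = 4096                      # assumed toy RAM size in bytes
KERNEL = b"K" * 512                  # constructed stand-in for the monolithic kernel
ATTEST = b"A" * 256                  # constructed stand-in for the attestation routine
HONEST_REGION = len(KERNEL) + len(ATTEST)
MALWARE = b"M" * 128                 # constructed stand-in for resident malware code
BLOCK = 32                           # filler is generated in SHA-256 sized blocks


def filler_block(seed, index):
    """One 32-byte block of pseudo-random filler (SHA-256 in counter mode)."""
    return hashlib.sha256(seed + index.to_bytes(4, "big")).digest()


def filler(seed, length):
    """Filler the device must write over every free byte; the verifier can
    regenerate it byte for byte from the seed."""
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(filler_block(seed, i) for i in range(blocks))[:length]


def access_order(seed, n):
    """Seed-dependent permutation of addresses, unknown before the challenge,
    so partial digests cannot be precomputed."""
    order = list(range(n))
    random.Random(seed).shuffle(order)
    return order


def keyed_digest(key, memory, order):
    """HMAC over all of memory, one byte per read, in the given order."""
    h = hmac.new(key, digestmod="sha256")
    for addr in order:
        h.update(memory[addr:addr + 1])
    return h.digest()


class HonestDevice:
    """Runs steps 1-3 exactly as required."""

    def __init__(self):
        self.mem = bytearray(KERNEL + ATTEST + bytes(MEM_SIZE - HONEST_REGION))

    def respond(self, seed, key):
        # Step 1 is implicit: nothing else runs in this single-threaded model.
        # Step 2: overwrite all free memory with filler.
        self.mem[HONEST_REGION:] = filler(seed, MEM_SIZE - HONEST_REGION)
        # Step 3: keyed digest in the seed-dependent order; one step per read.
        order = access_order(seed, MEM_SIZE)
        return keyed_digest(key, bytes(self.mem), order), len(order)


class StubbornMalwareDevice(HonestDevice):
    """Malware keeps its code resident at the top of memory, so the digest
    covers malware bytes where filler was expected."""

    def respond(self, seed, key):
        self.mem[HONEST_REGION:] = filler(seed, MEM_SIZE - HONEST_REGION)
        self.mem[MEM_SIZE - len(MALWARE):] = MALWARE   # refuses to give up its space
        order = access_order(seed, MEM_SIZE)
        return keyed_digest(key, bytes(self.mem), order), len(order)


class EvasiveMalwareDevice(HonestDevice):
    """Malware stays resident but forges the filler bytes the digest should see
    in its region by recomputing them on the fly. The digest is right, but each
    forged byte costs an extra hash (assumed cost: BLOCK steps)."""

    def respond(self, seed, key):
        self.mem[HONEST_REGION:] = filler(seed, MEM_SIZE - HONEST_REGION)
        start = MEM_SIZE - len(MALWARE)
        self.mem[start:] = MALWARE
        h = hmac.new(key, digestmod="sha256")
        steps = 0
        for addr in access_order(seed, MEM_SIZE):
            steps += 1
            if addr >= start:
                off = addr - HONEST_REGION
                byte = filler_block(seed, off // BLOCK)[off % BLOCK:off % BLOCK + 1]
                steps += BLOCK
            else:
                byte = bytes(self.mem[addr:addr + 1])
            h.update(byte)
        return h.digest(), steps


def expected_digest(seed, key):
    """Verifier recomputes the digest from the known honest image plus filler."""
    honest_mem = KERNEL + ATTEST + filler(seed, MEM_SIZE - HONEST_REGION)
    return keyed_digest(key, honest_mem, access_order(seed, MEM_SIZE))


def verify(response, seed, key, slack=1.05):
    """Accept only if the digest matches AND the device was fast enough
    (slack over the honest step count is an assumed tolerance)."""
    digest, steps = response
    ok = hmac.compare_digest(digest, expected_digest(seed, key))
    return ok and steps <= MEM_SIZE * slack


def run_all(seed=b"challenge-seed", key=b"session-key"):
    """Attest each device model; returns {name: (digest_ok, steps, accepted)}."""
    results = {}
    for name, dev in (("honest", HonestDevice()),
                      ("stubborn", StubbornMalwareDevice()),
                      ("evasive", EvasiveMalwareDevice())):
        digest, steps = dev.respond(seed, key)
        ok = digest == expected_digest(seed, key)
        results[name] = (ok, steps, verify((digest, steps), seed, key))
    return results


if __name__ == "__main__":
    for name, result in run_all().items():
        print(name, result)
```

The stubborn device fails the digest check; the evasive device produces the correct digest but doubles its step count, which is the displacement argument in miniature: there is no free space to hide in, so resident code must pay in time. A real deployment measures wall-clock time and must account for the cache behaviour the slide's memory map hints at; this model ignores both and only counts operations.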

  13. Commercial Applications

  14. Secure Execution Environment (SXE)

  15. OS Secure Boot

  16. TrustZone Normal World

  17. Interconnected Embedded Systems (figure: clients and verifiers in a network)

  18. FatSkunk.com Guy Stewart : Guy@FatSkunk.com
