Detecting Symbian OS malware through static function call analysis

Smartphones become very critical part of our lives as they offer advanced capabilities with PC-like functionalities. They are getting widely deployed while not only being used for classical voice-centric communication. New smartphone malwares keep emerging where most of them still target Symbian OS. In the case of Symbian OS, application signing seemed to be an appropriate measure for slowing down malware appearance. Unfortunately, latest examples showed that signing can be bypassed resulting in new malware outbreak. In this paper, we present a novel approach to static malware detection in resource-limited mobile environments. This approach can be used to extend currently used third-party application signing mechanisms for increasing malware detection capabilities. In our work, we extract function calls from binaries in order to apply our clustering mechanism, called centroid. This method is capable of detecting unknown malwares. Our results are promising where the employed mechanism might find application at distribution channels, like online application stores. Additionally, it seems suitable for directly being used on smartphones for (pre-)checking installed applications.

Sequential decision fusion for controlled detection errors

Information fusion in biometrics has received considerable attention. The architecture proposed here is based on the sequential integration of multi-instance and multi-sample fusion schemes. This method is analytically shown to improve the performance and allow a controlled trade-off between false alarms and false rejects when the classifier decisions are statistically independent. Equations developed for detection error rates are experimentally evaluated by considering the proposed architecture for text dependent speaker verification using HMM based digit dependent speaker models. The tuning of parameters, n classifiers and m attempts/samples, is investigated and the resultant detection error trade-off performance is evaluated on individual digits. Results show that performance improvement can be achieved even for weaker classifiers (FRR-19.6%, FAR-16.7%). The architectures investigated apply to speaker verification from spoken digit strings such as credit card numbers in telephone or VOIP or internet based applications.

DIScoveringABILITIES : creating interactive performances over the Internet

This article presents a case study that shows how a creative music educator uses the internet to enable participatory performance.

Monitoring smartphones for anomaly detection

In this paper we demonstrate how to monitor a smartphone running Symbian operating system and Windows Mobile in order to extract features for anomaly detection. These features are sent to a remote server because running a complex intrusion detection system on this kind of mobile device still is not feasible due to capability and hardware limitations. We give examples on how to compute relevant features and introduce the top ten applications used by mobile phone users based on a study in 2005. The usage of these applications is recorded by a monitoring client and visualized. Additionally, monitoring results of public and self-written malwares are shown. For improving monitoring client performance, Principal Component Analysis was applied which lead to a decrease of about 80 of the amount of monitored features.

Internet and e-commerce law, business and policy

Over the last two decades, the internet and e-commerce have reshaped the way we communicate, interact and transact. In the converged environment enabled by high speed broadband, web 2.0, social media, virtual worlds, user-generated content, cloud computing, VoIP, open source software and open content have rapidly become established features of our online experience. Business and government alike are increasingly using the internet as the preferred platform for delivery of their goods and services and for effective engagement with their clients. New ways of doing things online and challenges to existing business, government and social activities have tested current laws and often demand new policies and laws, adapted to the new realities. The focus of this book is the regulation of social, cultural and commercial activity on the World Wide Web. It considers developments in the law that have been, and continue to be, brought about by the emergence of the internet and e-commerce. It analyses how the law is applied to define rights and obligations in relation to online infrastructure, content and practices.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Smartphone malware evolution revisited : Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

Monitoring android for collaborative anomaly detection : a first architectural draft

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided. But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigates the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Enhanced fast handover triggering mechanism for fast proxy mobile IPv6

Handover performance is critical to support real-time traffic applications in wireless network communications. The longer the handover delay is, the longer an Mobile Node (MN) is prevented from sending and receiving any data packet. In real-time network communication applications, such as VoIP and video-conference, a long handover delay is often unacceptable. In order to achieve better handover performance, Fast Proxy Mobile IPv6 (FPMIPv6) has been standardised as an improvement to the original Proxy Mobile IPv6 (PMIPv6) in the Internet Engineering Task Force (IETF). The FPMIPv6 adopts a link layer triggering mechanism to perform two modes of operation: predictive and reactive modes. Using the link layer triggering, the handover performance of the FPMIPv6 can be improved in the predictive mode. However, an unsuccessful predictive handover operation will lead to activation of a reactive handover. In the reactive mode, MNs still experience long handover delays and a large amount of packet loss, which significantly degrade the handover performance of the FPMIPv6. Addressing this problem, this thesis presents an Enhanced Triggering Mechanism (ETM) in the FPMIPv6 to form an enhanced FPMIPv6 (eFPMIPv6). The ETM reduces the most time consuming processes in the reactive handover: the failed Handover Initiate (HO-Initiate) delay and bidirectional tunnel establishment delay. Consequently, the overall handover performance of the FPMIPv6 is enhanced in the eFPMIPv6. To show the advantages of the proposed eFPMIPv6, a theoretical analysis is carried out to mathematically model the performance of PMIPv6, FPMIPv6 and eFPMIPv6. Extensive case studies are conducted to validate the effectiveness of the presented eFPMIPv6 mechanism. They are carried out under various scenarios with changes in network link delay, traffic load, number of hops and MN moving velocity. The case studies show that the proposed mechanism ETM reduces the reactive handover delay, and the presented eFPMIPv6 outperforms the PMIPv6 and FPMIPv6 in terms of the overall handover performance.

Implementation and evaluation of open source unified communications for SMBs

Unified Communication (UC) is the integration of two or more real time communication systems into one platform. Integrating core communication systems into one overall enterprise level system delivers more than just cost saving. These real-time interactive communication services and applications over Internet Protocol (IP) have become critical in boosting employee accessibility and efficiency, improving customer support and fostering business agility. However, some small and medium-sized businesses (SMBs) are far from implementing this solution due to the high cost of initial deployment and ongoing support. In this paper, we will discuss and demonstrate an open source UC solution, viz. “Asterisk” for use by SMBs, and report on some performance tests using SIPp. The contribution from this research is the provision of technical advice to SMBs in deploying UC, which is manageable in terms of cost, ease of deployment and support.

Design and implementation of unified communications as a service based on the OpenStack cloud environment

Cloud Computing, based on early virtual computer concepts and technologies, is now itself a maturing technology in the marketplace and it has revolutionized the IT industry, being the powerful platform that many businesses are choosing to migrate their in-premises IT services onto. Cloud solution has the potential to reduce the capital and operational expenses associated with deploying IT services on their own. In this study, we have implemented our own private cloud solution, infrastructure as a service (IaaS), using the OpenStack platform with high availability and a dynamic resource allocation mechanism. Besides, we have hosted unified communication as a service (UCaaS) in the underlying IaaS and successfully tested voice over IP (VoIP), video conferencing, voice mail and instant messaging (IM) with clients located at the remote site. The proposed solution has been developed in order to give advice to bussinesses that want to build their own cloud environment, IaaS and host cloud services and applicatons in the cloud. This paper also aims at providing an alternate option for proprietary cloud solutions for service providers to consider.

R U there yet? using virtual classrooms to transform teaching practice

Access to quality higher education is challenging for many Western Australians that live outside the metropolitan area. In 2010, the School of Education moved to flexible delivery of a fully online Bachelor of Education degree for their non -metropolitan students. The new model of delivery allows access for students from any location provided they have a computer and an internet connection. A number of academic staff had previously used an asynchronous environment to deliver learning modules housed within a learning management system (LMS) but had not used synchronous software with their students. To enhance the learning environment and to provide high quality learning experiences to students learning at a distance, the adoption of synchronous software (Elluminate Live) was introduced. This software is a real-time virtual classroom environment that allows for communication through Voice over Internet Protocol (VoIP) and videoconferencing, along with a large number of collaboration tools to engage learners. This research paper reports on the integration of a live e-learning solution into the current LMS environment. Qualitative data were collected from academic staff through informal interviews and participant observation. The findings discuss (i) perceived level of support; (ii) identification of strategies used to create an effective online teacher presence; (iii) the perceived impact on the students' learning outcomes; and (iv) guidelines for professional development to enhance pedagogy within the live e-learning environment.

See you in class: Promoting a quality program for pre-service educators in regional locations through a virtual classroom

The quality of an online university degree is paramount to the student, the reputation of the university and most importantly, the profession that will be entered. At the School of Education within Curtin University, we aim to ensure that students within rural and remote areas are provided with high quality degrees equal to their city counterparts who access face-to-face classes on campus.In 2010, the School of Education moved to flexible delivery of a fully online Bachelor of Education degree for their rural students. In previous years, the degree had been delivered in physical locations around the state. Although this served the purpose for the time, it restricted the degree to only those rural students who were able to access the physical campus. The new model in 2010 allows access for students in any rural area who have a computer and an internet connection, regardless of their geographical location. As a result enrolments have seen a positive increase in new students. Academic staff had previously used an asynchronous environment to deliver learning modules housed within a learning management system (LMS). To enhance the learning environment and to provide high quality learning experiences to students learning at a distance, the adoption of synchronous software was introduced. This software is a real-time virtual classroom environment that allows for communication through Voice over Internet Protocol (VoIP) and videoconferencing, along with a large number of collaboration tools to engage learners. This research paper reports on the professional development of academic staff to integrate a live e-learning solution into their current LMS environment. It involved professional development, including technical orientation for teaching staff and course participants simultaneously. Further, pedagogical innovations were offered to engage the students in a collaborative learning environment. Data were collected from academic staff through semi-structured interviews and participant observation. The findings discuss the perceived value of the technology, problems encountered and solutions sought.

Transforming teaching practice through virtual classrooms: A study of staff and student views of synchronous learning

Australia is a vast land and access to quality higher education is challenging for many Australians that live outside the larger metropolitan areas. In 2010, the School of Education at an Australian university (Curtin University in Western Australia) moved to flexible delivery of a fully online Bachelor of Education degree for their rural students. The new model of delivery allows access for students from any location provided they have a computer and an internet connection.A number of teaching staff had previously used an asynchronous environment to deliver learning modules housed within a learning management system (LMS) but had not used synchronous software with their students. To enhance the learning environment and to provide high quality learning experiences to students learning at a distance, the adoption of synchronous software (Elluminate Live) was introduced. This software is a real-time virtual classroom environment that allows for communication through Voice over Internet Protocol (VoIP) and video conferencing, alongside a large number of collaboration tools to engage learners.This research paper reports on the integration of a live e-learning solution into the current Learning Management System (LMS) environment. Staff were interviewed about their perceptions and a questionnaire was administered to a sample of students to identify their experience with the synchronous software in order to inform future practice.