DRM2
Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks
Project Descriptions:
Mainstream mobile computing devices, such as smartphones and tablets, currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, which can be restored if needed. Such a commonly used "off-device" backup mechanism, however, suffers from a fundamental limitation: the backup on the remote server is not always synchronized with the data stored on the local device. Therefore, when a mobile device suffers a malware attack, it can only be restored to a historical state using the remote backup, rather than to the exact state right before the attack occurred. Data are extremely valuable for both organizations and individuals, and thus after a malware attack it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they were corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices, and its outcome could benefit billions of mobile users. The project also provides training opportunities for graduate students, especially those from underrepresented minority groups.
A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is OS-level malware, which can compromise the OS and obtain OS-level privilege. To achieve this goal, the project combines traditional off-device data backup and recovery with a novel in-device data recovery. Specifically, the following research activities are undertaken: 1) Designing a novel malware detector which runs in the flash translation layer (FTL), a firmware layer that sits between the OS and the flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., the delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage's special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which allows users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks (an introduction video).
Members:
Bo Chen (PI)
Niusen Chen (PhD student)
Wen Xie (PhD student)
Shashank Reddy Danda (MS student)
Other students involved in the project: Josh Dafoe (BS student), Tejaswi Chintapalli (MS student), Deepthi Tankasala (MS student), Brad Hoose (MS student)
Publications:
[2022] Niusen Chen, Josh Dafoe, and Bo Chen. Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction. 2022 ACM Conference on Computer and Communications Security (CCS '22) Posters, Los Angeles, CA, November 2022.
[2022] Wen Xie, Niusen Chen, and Bo Chen. Enabling Accurate Data Recovery for Mobile Devices against Malware Attacks. 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm '22), Kansas City, Missouri, October 2022 (Acceptance rate: 31.7%).
[2022] Niusen Chen, and Bo Chen. Duplicates also Matter! Towards Secure Deletion on Flash-based Storage Media by Removing Duplicates. The 17th ACM ASIA Conference on Computer and Communications Security (ASIACCS '22), Nagasaki, Japan, May 30 - June 3, 2022 (Acceptance rate: 18.4%).
[2022] Niusen Chen, and Bo Chen. Defending against OS-level Malware in Mobile Devices via Real-time Malware Detection and Storage Restoration. Journal of Cybersecurity and Privacy 2, no. 2 (2022): 311-328.
[2021] Niusen Chen, Wen Xie, and Bo Chen. Combating the OS-level Malware in Mobile Devices by Leveraging Isolation and Steganography. The Second ACNS Workshop on Secure Cryptographic Implementation (SCI '21) (in conjunction with ACNS '21), Kamakura, Japan, June 2021.
[2020] Wen Xie, Niusen Chen, and Bo Chen. Incorporating Malware Detection into The Flash Translation Layer. 2020 IEEE Symposium on Security and Privacy (S&P '20) Poster Session, San Francisco (online), CA, May 2020.
[2019] Peiying Wang, Shijie Jia, Bo Chen, Luning Xia and Peng Liu. MimosaFTL: Adding Secure and Practical Ransomware Defense Strategy to Flash Translation Layer. The Ninth ACM Conference on Data and Application Security and Privacy (CODASPY '19), Dallas, TX, USA, March 2019 (Acceptance rate: 23.5%).
[2017] Kul Prasad Subedi, Daya Ram Budhathoki, Bo Chen, and Dipankar Dasgupta. RDS3: Ransomware Defense Strategy by Using Stealthily Spare Space. The 2017 IEEE Symposium Series on Computational Intelligence (SSCI '17), Hawaii, USA, Nov. 27 - Dec. 1, 2017.
[2017] Le Guan, Shijie Jia, Bo Chen, Fengwei Zhang, Bo Luo, Jingqiang Lin, Peng Liu, Xinyu Xing, and Luning Xia. Supporting Transparent Snapshot for Bare-metal Malware Analysis on Mobile Devices. 2017 Annual Computer Security Applications Conference (ACSAC ’17), Orlando, Florida, USA, December 2017 (Acceptance rate: 19.7%) (Distinguished Paper Award).
Technical Reports:
[2022] Deepthi Tankasala, Niusen Chen, and Bo Chen. Creating A Testbed for Flash Memory Research via LPC-H3131 and OpenNFM – Linux Version. Technical report, MTU CS Department, June 2022 (Video guide).
[2020] Deepthi Tankasala, Niusen Chen, and Bo Chen. A Step-by-step Guideline for Creating A Testbed for Flash Memory Research via LPC-H3131 and OpenNFM. Technical report, MTU CS Department, July 2020 (Video guide).
Datasets:
Malware I/O Traces On Nand flash (MITON) (latest version: V0.2)
Tools:
FDRecovery: an open-sourced Forensic Data Recovery tool developed by SnP lab in Python.
FFRecovery: an open-sourced ransomware/malware defense tool developed by SnP lab. The tool can enable recovery of the data corrupted by ransomware/malware, in a fine-grained per-file manner (check out our paper).
mobiDR: The software can enable accurate data recovery (whole-disk) for mobile devices against malware attacks (check out our paper).
Presentations:
[2022] Niusen Chen. Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction. 2022 ACM Conference on Computer and Communications Security (CCS '22) Poster Session, Los Angeles, CA, November 2022.
[2022] Niusen Chen. Enabling Accurate Data Recovery for Mobile Devices against Malware Attacks (presentation video). 18th EAI International Conference on Security and Privacy in Communication Networks (virtual conference), October 2022.
[2022] Josh Dafoe. Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction. Computing[MTU] Showcase Poster Session, Houghton, MI, October 2022.
[2022] Niusen Chen. Enabling Accurate Data Recovery for Mobile Devices against Malware Attacks. MTU CS cybersecurity reading group, September 2022.
[2022] Bo Chen. Towards Data Protection in Flash-based Storage Media, 2022 Flash Memory Summit, Santa Clara, CA, USA, August 2022.
[2022] Bo Chen. Incorporating Malware Detection into The Flash Translation Layer. The Fifth ACSIC Symposium on Frontiers in Computing (SOFC), Chicago, IL, USA, August 2022. (poster presentation).
[2022] Bo Chen. EAGER: Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks. The 5th NSF SaTC PI Meeting, Arlington, VA, USA, June 2022 (poster presentation).
[2022] Niusen Chen. Incorporating Malware Detection into The Flash Translation Layer. Computing[MTU] Showcase Poster Session, Houghton, MI, April 2022.
[2021] Niusen Chen. Combating the OS-level Malware in Mobile Devices by Leveraging Isolation and Steganography (video). The Second ACNS Workshop on Secure Cryptographic Implementation (SCI '21), June 2021.
[2021] Wen Xie. MobiDR: Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks. MTU CS cybersecurity reading group, April 2021.
[2020] Wen Xie. Incorporating Malware Detection into The Flash Translation Layer. IEEE S&P, May 2020 (poster, preview-video).
[2019] Bo Chen. Enabling Data Recovery from Malicious Attacks in Mobile Devices. Ocean University of China, Shandong, China, December 2019.
[2019] Bo Chen. Enabling Data Recovery from Malicious Attacks in Mobile Devices. Qingdao University, Shandong, China, December 2019.
[2019] Bo Chen. EAGER: Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks. The 4th NSF SaTC PI Meeting, Alexandria, VA, USA, October 2019 (poster presentation).
Education:
[2022] The flash memory security knowledge was broadcast to K12 female students in 2022 MTU Women in Computer Science Summer Program (slides).
[2022] The project was integrated into CS5740/4740 (Development of Trusted Software) during Spring 2022 as a special topic on data recovery from malicious attacks (slide).
[2022] The project was integrated into CS5472 (Advanced Topics in Computer Security) during Spring 2022 as an advanced topic on ransomware defense (slide1, slide2).
[2021] The flash memory security knowledge was broadcast to K12 female students in 2021 MTU Women in Computer Science Summer Program (slides).
[2021] The project was integrated into CS5740 (Development of Trusted Software) during Spring 2021 as a special topic on data recovery from malicious attacks (slide).
[2021] The project was integrated into CS5472 (Advanced Topics in Computer Security) during Spring 2021 as an advanced topic on ransomware defense (slide1, slide2).
[2020] The project was integrated into CS5740 (Development of Trusted Software) during Spring 2020 as a special topic on data recovery from malicious attacks (slide).
[2020] The project was integrated into MTU CS cybersecurity reading group during Spring 2020 (slide).
[2019] Knowledge relating to the project was integrated into CS5472 (Advanced Topics in Computer Security) during Spring 2019 as an advanced topic (slide1, slide2).
[2018] Knowledge relating to the project was integrated into CS5472 (Advanced Topics in Computer Security) during Spring 2018 as an advanced topic (slide1, slide2).
Other educational activities
Outreach:
Outreach activities
CyberCorps®: Scholarship for Service (SFS) Program at Michigan Tech
Funding:
This material is based upon work supported by the National Science Foundation under Grant Number 1938130: "EAGER: Enabling Secure Data Recovery for Mobile Devices against Malicious Attacks", 10/2019-09/2022. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
© 2022    Security and Privacy (SnP) Lab @ Michigan Technological University