Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.

Real-time triggering of Android memory dumps for stealthy attack investigation

Abstract:

Attackers regularly target Android phones and come up withnew ways to bypass detection mechanisms to achieve long-term stealth on a victim's phone. One way attackers do this is by leveraging critical benign app functionality to carry out specific attacks. In this paper, we present a novel generalised framework, JIT-MF (Just-in-time Memory Forensics), which aims to address the problem of timely collection of short-lived evidence in volatile memory to solve the stealthiest of Android attacks. The main components of this framework are i) Identification of critical data objects in memory linked with critical benign application steps that may be misused by an attacker; and ii) Careful selection of trigger points, which identify when memory dumpsshould be taken during benign app execution.The effectiveness and cost of trigger point selection, a corner stone of this framework, are evaluated in a preliminary qualitative study using Telegram and Pushbullet as the victim apps targeted by stealthy malware.Our study identifies that JIT-MF is successful in dumping critical dataobjects on time, providing evidence that eludes all other forensic sources.Experimentation offers insight into identifying categories of trigger points that can strike a balance between the effort required for selection andthe resulting effectiveness and storage costs. Several optimisation mea-sures for the JIT-MF tools are presented, considering the typical resource constraints of Android devices.


Authors: Jennifer Bellizzi; Mark Vella; Christian Colombo; Mark Vella; Christian Colombo; Julio Hernandez-Castro.

Conference: 25th Nordic Conference on Secure IT Systems

Date of Publication: November 2020.

Publisher: Springer.

Slide 1
Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2021 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.