CyberS Research

Amount: $25,800

Sponsor: Michigan Tech Research Excellence Fund

Awarded: September 2022

Co-PI's: Zhenlin Wang

Amount: $598,416

Sponsor: National Science Foundation

Awarded: August 2022

Amount: $265,818

Sponsor: National Science Foundation

Awarded: August 2019

 

Amount: $174,855

Sponsor: National Science Foundation

Awarded: February 2022

Amount: $287,667.00

Sponsor: National Science Foundation

Length: 2 years

Amount: $6,000

Sponsor: GLRC/ICC

Awarded: December 2023

Amount: $199,870

Sponsor: National Science Foundation

Length: 2 years

Amount: $240,000

Sponsor: National Science Foundation/Kennesaw State University

Length: 1 year

PI: Bo Chen, CyberS, CS
Sponsor: National Science Foundation
Award: $199,975 | 2 Years
Awarded: July 2019
Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly used “off-device” backup mechanism, however, suffers from a fundamental limitation that, the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users.

A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.

Read an article about this research.