Sensitive information are extensively stored and handled in users’ mobile devices that sets challenges in terms of information security. One of the main targets of malicious mobile applications is to steal sensitive information. Mobile devices need tools and mechanisms to provide visibility how applications access sensitive system resources and handle information. Security assessment for a randomly selected application in a resource-constrained mobile environment requires an overall understanding of the target system and might involve a significant amount of work for selecting a suitable monitoring method. This thesis presents two extensions on top of general purpose instrumentation tools. The instrumentation tools and developed extensions are executed on a Linux-based mobile device in order to monitor the behavior of applications.
An application monitor extension is used for providing an overview of system resource usage by monitored application. Network monitor extension is used for analyzing content of the network traffic in real-time for selected application layer protocols. Additionally application layer data is monitored from intercepted secure connections based on user defined keywords. Developed instrumentation extensions were successfully used in a Linux-based mobile device to monitor applications’ resource access and sensitive information from outbound network traffic. The approach selected for real-time network traffic analysis provided promising results while not causing significant performance problems for the mobile device.
Harri Luhtala (University of Oulu): Instrumentation of Linux-based Mobile Device