Security Services in Open Telecommunications Networks

Award #: 0905447
Amount Awarded: $594,941
Sponsoring Organization: NSF (CNS)
Grant Period: 09/15/2009-08/31/2012
Primary Investigator(s): Patrick McDaniel

Abstract

The nature of telecommunications networks is rapidly changing. Commodity smart mobile phone frameworks such as Android and Openmoko invite developers and end users to build applications, modify the behavior of the phone, and use network services in novel ways. However, while simultaneously spurring incredible innovation, the move to open systems alters the underlying performance and security assumptions upon which the network was designed. Such changes invite vulnerabilities ranging from merely vexing phone glitches to catastrophic network failures. The current infrastructure lacks the basic protections needed to protect an increasingly open network, and it is unclear what new stresses and threats open systems and services will introduce. This research analytically and experimentally investigates defensive infrastructure addressing vulnerabilities in open cellular operating systems and telecommunications networks. In this, we are exploring the requirements and design of such defenses in three coordinated efforts: a) extending and applying formal policy models for telecommunication systems, and providing tools for phone manufacturer, provider, developer, and end-user policy compliance verification, b) building a security-conscious distribution of the open-source Android operating system, and c) exploring the needs and designs of overload controls in telecommunications networks needed to absorb changes in mobile phone behavior, traffic models, and the diversity of communication end-points. This research symbiotically supports educational goals at the constituent institutions by supporting graduate and undergraduate student research, and is integral to the security and network curricula. This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5).

Related Research Projects

Mobile Phones

Related Publications

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2010. Vancouver, BC, Canada.

Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel. Semantically Rich Application-Centric Security in Android. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009. Honolulu, HI. (best paper).

William Enck, Machigar Ongtang, and Patrick McDaniel. On Lightweight Mobile Phone Application Certification. Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), November 2009. Chicago, IL.

William Enck, Machigar Ongtang, and Patrick McDaniel. Mitigating Android Software Misuse Before It Happens. Technical Report NAS-TR-0094-2008, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, September 2008. Updated November 2008.

William Enck, Machigar Ongtang, and Patrick McDaniel. Understanding Android Security. IEEE Security & Privacy Magazine, 7(1):50-57, January/February 2009.