Proceedings of the 9th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2011); pages 225-238; Bethesda, Maryland; June 28-July 1, 2011.
The rapid growth of mobile malware necessitates the presence of robust malware detectors on mobile devices. However, running malware detectors on mobile devices may drain their battery, causing users to disable these protection mechanisms to save power. This paper studies the security versus energy tradeoffs for a particularly challenging class of malware detectors, namely rootkit detectors. Specifically, we investigate the security/energy tradeoffs along two axes: attack surface and malware scanning frequency, for both code and data based rootkit detectors. Our findings, based on a real implementation on a phone-like device, reveal that protecting against code-driven attacks is relatively cheap, while protecting against all data-driven attacks is prohibitively expensive. Based on our findings, we determine a sweet spot in the security/energy tradeoff, called the balanced profile, which protects a mobile device against a vast majority of known attacks, while consuming limited amount of extra battery power.
Slides: [ Powerpoint | PDF ]
Code: [ Script for 3G and WiFi workloads and Gibraltar on Xen ]
Patent: [ US Patent 8,566,935 B2 ]
DOI: [ 10.1145/1999995.2000017 ]