PI: Patrick Traynor (Traynor@cc.gatech.edu) Co-PI: Jonathon Giffin (giffin@cc.gatech.edu)
Mobile phones have traditionally provided a limited set of telephony operations. However, the recent and rapid introduction of complex operating systems, sophisticated user interfaces and connectivity with the Internet has transformed these systems into highly capable general-purpose computing platforms. Unfortunately, the software implementing these systems often lacks even basic security protections. In this project, we will investigate the impact of an immature and vulnerable software infrastructure on both mobile devices and the cellular network core. Characterizing and responding to the threats is critical, especially given that the security models of cellular networks are designed around the assumption of highly limited user devices. We plan first to create Caegis, an in situ set of tools for ARM code analysis and over-the-air cellular phone fuzzing to help manufacturers improve the quality of their software and reduce its susceptibility to malware. We will then focus on basic mechanisms for Remote Repair, which will allow the network to help a device reboot to a known safe state. The development of these two tools, in combination with improved characterizations of the impact of malware, will significantly improve the security provided to this piece of critical infrastructure. Moreover, this project will help students in both independent research and a related class to gain hands-on experience with security research on our Alcatel-Lucent IMS network core.
