Reducing Security Risks of Suspicious Data and Codes Through a Novel Dynamic Defense Model

Abstract

A remarkable characteristic of the modern operating system is open, which means that we can download data or execute codes from any Internet sources whether they are trusted or not. Therefore, there is a contradict situation when we want to use these data or codes as well as keep the system secured. Despite decades of studies and experiences on this problem, it is still assumed as a great challenge. This paper presents a novel dynamic defense model (DDM) to reduce security risks brought by these suspicious data or codes for the open operating systems. DDM is a high-level security defense abstraction with four key components: dynamic label marking, dynamic label tracking, dynamic label modulating, and run-time controlling. With these components, DDM achieves the full, dynamic, and real-time security protection in the whole life cycle of the operating system. We also practically implemented a prototype system named DDDroid on Android. We constructed a mixed experimental dataset with 30 malware samples and 970 benign applications to test the defense effects of DDDroid. DDDroid detects 97% of the malware samples that have malicious actions and blocks these actions with a negligible false positive on legal actions. We also demonstrated that DDDroid is an effective system, which prevents sensitive data from being leaked by suspicious applications deliberately or by users unintentionally through some sample experiments. What is more, with extensive evaluations, DDDroid is proved to be a system with low-performance overhead and limited memory consumption.