Active Awards (sorted by PI)
Bo Chen
Amount: $25,800
Sponsor: Michigan Tech Research Excellence Fund
Awarded: September 2022
Co-PI's: Zhenlin Wang
Amount: $598,416
Sponsor: National Science Foundation
Awarded: August 2022
Amount: $265,818
Sponsor: National Science Foundation
Awarded: August 2019
Xinyu Lei
Amount: $174,855
Sponsor: National Science Foundation
Awarded: February 2022
Ronghua Xu
Amount: $6,000
Sponsor: GLRC/ICC
Awarded: December 2023
Select Past Awards
PI: Bo Chen, CyberS, CS
Sponsor: National Science Foundation
Award: $199,975 | 2 Years
Awarded: July 2019
Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely
on remote backups for data recovery upon failures. For example, an iPhone periodically
stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly
used “off-device” backup mechanism, however, suffers from a fundamental limitation
that, the backup in the remote server is not always synchronized with data stored
in the local device. Therefore, when a mobile device suffers from a malware attack,
it can only be restored to a historical state using the remote backup, rather than
the exact state right before the attack occurs. Data are extremely valuable for both
organizations and individuals, and thus after the malware attack, it is of paramount
importance to restore the data to the exact point (i.e., the corruption point) right
before they are corrupted. This, however, is a challenging problem. The project addresses
this problem in mobile devices and its outcome could benefit billions of mobile users.
A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.