Kernel-Level Interception and Applications on Mobile Devices

Michael Becher, Ralf Hund

Technical Report TR-2008-003, Universität Mannheim, May 2008


The techniques of kernel-level system call interception are well known today for many different operating systems. This work begins by transferring these techniques to Windows CE operating systems. Afterwards, two current problems are solved. The first solution uses a technique for dynamic malware analysis with a sandbox approach, extending previous solutions in terms of effectiveness. The second solution enhances the expressiveness of security policies by implementing the concept of a reference monitor at the operating-system level. Windows CE-based devices can now enforce sophisticated security policies without the need to change the underlying operating system.


tags: malware analysis, Mobile Security