Endpoint

4/18/2018
11:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DHS Helps Shop Android IPS Prototype

A MITRE-developed intrusion prevention system for mobile technology is showcased here this week at the RSA Conference.

RSA CONFERENCE 2018 – San Francisco – Tucked away in one of the large exhibit halls here this week was the US Department of Homeland Security, which among other things was showcasing a prototype intrusion prevention system (IPS) for mobile devices.

The IPS, developed by a researcher at MITRE nearly three years ago, is a patented tool for Android mobile devices that operates like a traditional network or host-based IPS, blocking malicious incoming and outgoing IPv4 network traffic attempting to come and go from the Android. The prototype, called APE, is in the form of a mobile app, and uses deep packet inspection to filter the network traffic from cellular and Wi-Fi networks.

Nadia Carlsten, program manager for DHS's Transition to Practice (TTP) program, says MITRE's APE prototype was selected as a promising federally funded cybersecurity project under the TTP program. DHS's TTP facilitates the adoption of technologies, helping spur adoption via partnerships, product development, marketing strategies, and by helping accelerate commercialization of the research. It includes funding, training, mentorship, and a connection to the private sector. APE was picked for DHS's TTP program in May of 2017.

"We're actually doing all the steps that it takes to get [a] product commercially viable including partnering with industry and the inventory community, getting them to rally around the technology, help with development of the technology, and get this product to market so people can buy it, including government agencies," said Carlsten, who is with the DHS Science and Technology Directorate, under the Homeland Security Advanced Research Projects Agency.

Mark Mitchell, lead multi-discipline systems engineer at MITRE and the creator of APE, says his concept for the IPS came from what he saw as a gap in mobile attack intelligence. "I was looking at ways to monitor devices … or a honeypot to infer the probabilities of a given attack vector," he said. "I sort of had this 'aha' moment, of well, I have the traffic here on the device, so rather than logging it and analyzing it after the fact, why don't I just block it if I recognize it's malicious? And that was the beginning of APE."

APE relies on a set of rules for identifying malicious behavior, and includes signatures and behavior-based analysis and filtering, Mitchell said.

MITRE's Mitchell ultimately hopes to license APE to a vendor that would then build it out as a product for mobile security. He hopes to get firms to test and evaluate the IPS in the meantime. As a research arm, MITRE doesn't sell products itself.

APE can work alongside mobile device management software, he says, and could eventually be offered as an app in the Google Play store if it becomes an official product.

He picked Android as a start for the mobile IPS prototype, but believes the APE could also work in theory on an iOS - or even an IoT device - as well. APE isn't quite baked yet, either: "It continues to evolve," he says, including as a tool to protect mobile user privacy online, as well as enhancing it with machine learning.

Related Content:

 

 

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
CVE-2019-8354
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2019-8355
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
CVE-2019-8356
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8357
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.