dc.description.abstract | In recent years, as the result of the evolution of mobile device technology, newer mobile devices have gained much greater functionality continuously. Especially intelligent devices such as smart phones and personal digital assistants (PDAs) have ability to connect to 3.5G network, and they are equipped with GPS, high-resolution digital camera, WLAN, and Bluetooth in general. These features make devices can exchange information with other devices in many ways, perform more applications, and let users can use them to do more activities. Nowadays the price of them is not so expensive, so the popularity of intelligent devices is increasing quickly. However, the greater functionality gains, the more vulnerabilities on devices may appear. Those vulnerabilities are similar to which already existed in personal computer’s world, including malware threats. Malware includes virus, worm, trojan, spyware, rootkit, and so on. They may smash data on the device, monitor the user’s activities, steal important information, exhaust system resources, and generate more costs. Therefore, it is necessary to develop detecting and protecting approaches to enhance mobile devices’ security.
Currently the most common operating systems used by mobile devices are iPhone, Android, Windows Mobile, and Symbian. The Windows Mobile system is based on Windows CE developed by Microsoft. Windows CE provides a subset of Win32 API which exists in desktop versions of Windows. This makes applications on desktop Windows compatible to Windows CE. The executable file format used on Windows CE is also Portable Executable as Windows NT-based system, therefore many traditional malware techniques can be ported to Windows CE easily. We aim at Windows Mobile devices and propose a kernel-mode file operation monitoring methods which can filter relative APIs to file operations in kernel space to prevent virus spreading.
| en_US |