12th International Symposium on Digital Forensics and Security, ISDFS 2024, Texas, United States, 29 - 30 April 2024
Sandboxing has been a common practice to isolate apps from each other and protect the overall system from malicious software. With the proliferation and increased accessibility of mobile devices, mobile malware has become more insidious and erratic. Thus, sandboxes are facing the threat of becoming less effective at detecting malware. This paper aims to describe the evolution of mobile sandboxes and to propose an improved approach for an advanced sandbox architecture that decreases the possibility of sandbox evasion. Building smart sandboxes is becoming indisputably important for mobile security. Today, mobile malware can perform malicious activities rather easily, since sandboxes are not good enough at mimicking the behavior of a real user's mobile device. Therefore, detecting malware to halt its malicious activities is hard but important for protecting mobile devices. However, building a smart sandbox environment that behaves as if it were a real user device in order to trick malware is more valuable, based on the logic of zero trust. Two notable challenges are considered in this study: recognition of typical sandbox environments, and evasion techniques adopted by malware through detecting the lack of user activity within sandboxes. This study examines current mobile sandboxing techniques and specifies the requirements for a trustworthy mobile sandbox methodology that deals with the lack of real user behavior and overcomes the risk of sandbox evasion. With the proposed smart sandbox architecture, the environmental awareness of malware would be reduced and defense against advanced mobile malware attacks would be strengthened.