The main objective of the proposed research is to safeguard the reliability and dependability of an incident response program on a mobile phone under attack, without trusting the operating system.
Existing incident response tools either trust the OS on the attacked device or rely on external hardware facilities. Due to its large attack surface, the OS on a mobile phone can be compromised, and malware with kernel privilege can disable and tamper with incident response programs. External hardware tools are disruptive: their use may lead to critical data loss or alteration of the attack scene.
The outcomes are techniques to securely and reliably launch and run an incident response procedure within the compromised mobile phone. Even though the underlying OS is not trustworthy, the incident response procedure still functions as expected.
Practical applications include memory data recovery to external storage; distress signal delivery to a remote monitoring server; and remote command reception and execution.