Academic Paper

MIRES: Intrusion Recovery for Applications Based on Backend-As-a-Service
Document Type
Periodical
Source
IEEE Transactions on Cloud Computing (IEEE Trans. Cloud Comput.), 11(2):2011-2027, Jun 2023
Subject
Computing and Processing
Communication, Networking and Broadcast Technologies
Mobile applications
Databases
Cloud computing
Servers
Intrusion detection
Data models
Social networking (online)
Backend-as-a-Service
cloud
intrusion recovery
mobile applications
Language
ISSN
2168-7161
2372-0018
Abstract
The Backend-as-a-Service (BaaS) cloud computing model supports many modern popular mobile applications because it simplifies the development and management of services such as data storage, user authentication, and notifications. However, vulnerabilities and other issues may allow malicious actions on the client side to have an impact on the backend, i.e., to corrupt the state of the application in the cloud. To deal with these attacks – after they occur and are successful – it is necessary to remove the direct effects of malicious requests and the effects derived from later operations on corrupted data. We introduce MIRES, the first intrusion recovery service for mobile applications based on the BaaS model. MIRES uses a two-stage recovery process that restores the integrity of the mobile application and minimizes its unavailability. MIRES provides multi-service recovery for applications that use more than one data store. We implemented MIRES for Android and for the Firebase cloud-based BaaS platform. We did experiments on 4 mobile applications, which showed that MIRES can revert hundreds to thousands of operations in seconds, with an associated unavailability of the application also in the range of seconds.