MIRES (Mobile Applications Intrusion REcovery Service) is an intrusion recovery service for mobile applications that use Backend-as-a-Service, e.g., Google's Firebase. To increase availability, the recovery is done online, mostly in parallel with the normal functioning of the application, unlike offline recovery mechanisms. Moreover, although most applications still use a single backend data store (e.g., a database), many recent applications are starting to use more than one (e.g., a database and a file store), so MIRES supports multi-service recovery. Finally, MIRES supports a form of client-side recovery in the mobile device to allow users to recover from mistakes.
For more information regarding MIRES please visit https://www.gsd.inesc-id.pt/~mpc/pubs/MIRES__Diogo_Vaz_.pdf
These instructions will get you a copy of the project up and running on your local machine.
- Basic knowledge of Firebase and Android Java development
- Firebase console installed
- NPM installed
- Go to https://firebase.google.com/ and create a Firebase project (this will be the MIRES container);
- Initiate the Firestore database (europe-west2);
- Change the MIRES Firebase project pricing plan to Blaze (pay-as-you-go);
- Go to the root folder of MIRES (the folder that contains the `package.json` file) and run `npm install` to install the dependencies;
- Get the service account key from the MIRES project and save the file in `MIRES components/Configuration` with the name `MIRESAccountKey` (https://stackoverflow.com/questions/40799258/where-can-i-get-serviceaccountcredentials-json-for-firebase-admin);
- Go to Firebase and create another Firebase project (this will be the Application container);
- Get the service account key from the Application project and save the file in `MIRES components/Configuration` with the name `APPAccountKey`;
- Go to file `/MIRES components/Configuration/initializeAdmins.js` and update the APPadmin `storageBucket` property with the URL of the Application Firebase storage;
- Finally, you can run `npm run start-admin-console` to initiate the console and access the interface using the URL http://localhost:4000 (you can also run `npm run start-user-recovery-module` to start the Users Recovery module, which will run on port 5000. However, this module does not have an interface);
- Go to the Application Firebase project and create the Firestore database (europe-west2);
- Add the security rules in file `/Mobile Application components/SecurityRules/SecurityRules.txt` to the Firestore Security Rules;
- Enable the Email/Password authentication model on the Application Firebase project;
- Add the Android application (`/Mobile Application example/Hify`) to the Application Firebase project;
- Copy file `/MIRES components/Configuration/MIRESAccountKey.json` to `/Mobile Application example/Hify/functions`;
- Go to file `/Mobile Application/Hify/.firebaserc` and change the `default` property to the Firebase Application project ID;
- Change the Application Firebase project pricing plan to Blaze (pay-as-you-go);
- Go to folder `/Mobile Application example/Hify` and run `firebase deploy --only functions` to deploy the cloud functions;
- Now, you can start recovering the application! In the beginning, when recovering an action, some "The query requires an index" errors will appear. Just copy the provided URL and create the indexes;
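The steps above place two service account keys and a `.firebaserc` by hand, and it is easy to point one of them at the wrong project. The following pre-flight check is an added example, not part of MIRES: the function names `checkKey` and `checkSetup` and the sample project IDs `mires-demo` and `app-demo` are assumptions made up for illustration.

```javascript
// Added example: pre-flight check for the setup steps above (not part of MIRES).
const REQUIRED_KEY_FIELDS = ['type', 'project_id', 'private_key', 'client_email'];

// Validate one parsed service account key file.
function checkKey(label, key) {
  const problems = [];
  for (const field of REQUIRED_KEY_FIELDS) {
    if (typeof key[field] !== 'string' || key[field].length === 0) {
      problems.push(`${label}: missing field "${field}"`);
    }
  }
  if (typeof key.type === 'string' && key.type !== 'service_account') {
    problems.push(`${label}: type is "${key.type}", expected "service_account"`);
  }
  return problems;
}

// Cross-check both keys and the parsed .firebaserc; returns a list of problems.
function checkSetup({ miresKey, appKey, firebaserc }) {
  const problems = [
    ...checkKey('MIRESAccountKey', miresKey),
    ...checkKey('APPAccountKey', appKey),
  ];
  // MIRES and the protected application live in two separate Firebase projects.
  if (miresKey.project_id && miresKey.project_id === appKey.project_id) {
    problems.push('both keys belong to the same Firebase project');
  }
  // The cloud functions are deployed to the Application project, not to MIRES.
  const target = firebaserc && firebaserc.projects && firebaserc.projects.default;
  if (target !== appKey.project_id) {
    problems.push(`.firebaserc default is "${target}", expected "${appKey.project_id}"`);
  }
  return problems;
}

// Constructed sample input: placeholder values, not real keys or project IDs.
const sampleMiresKey = { type: 'service_account', project_id: 'mires-demo',
  private_key: 'PLACEHOLDER', client_email: 'admin@mires-demo.iam.gserviceaccount.com' };
const sampleAppKey = { type: 'service_account', project_id: 'app-demo',
  private_key: 'PLACEHOLDER', client_email: 'admin@app-demo.iam.gserviceaccount.com' };
const sampleFirebaserc = { projects: { default: 'mires-demo' } }; // wrong project

console.log(checkSetup({ miresKey: sampleMiresKey, appKey: sampleAppKey,
  firebaserc: sampleFirebaserc }));
```

For a real run, pass the objects obtained with `JSON.parse(fs.readFileSync(...))` for the two key files and `.firebaserc`. Both key files grant administrative access to their projects, so keep them out of version control.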
Feel free to contact me if you have any questions about the project!
#####################################################################
The configuration of the Mobile Application example allows the following actions:
- Administrator Recovery:
  - Recover the creation of users;
  - Recover login actions;
  - Recover the creation of text and image posts;
  - Recover the deletion of (only) text posts;
- User Recovery:
  - Recover the creation of text and image posts;
  - Recover the deletion of (only) text posts;
- Snapshot Process:
  - Applied to the Users collection, where logins create new versions of the documents;
- Multi-Service Recovery:
  - Recover the creation of users;
  - Recover the creation of image posts;
FINAL NOTES:
- Firebase is constantly updating, meaning that, beyond the previous steps, other actions may be necessary.
#####################################################################
- [NodeJs] - development (https://nodejs.org/)
- [Firebase] - storing logs, snapshots and the protected application (https://firebase.google.com/)
- [Socket.IO] - communication between frontend and backend (https://socket.io/)
- Diogo Vaz - development - Github
This project is licensed under the MIT License - see the LICENSE.md file for details
- Dr. David Matos - CoAuthor of the article
- Prof. Miguel Pardal - CoAuthor of the article
- Prof. Miguel Correia - CoAuthor of the article