William Enck, Peter Gilbert, Byung-Gon Chun, Landon P

Slides:



Advertisements
Similar presentations
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.
Advertisements

Android architecture overview
Android Platform Overview (1)
Mobile Security: Android Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last slide.
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
1 William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri System and Internet Infrastructure Security Laboratory Department of Computer Science.
DEPARTMENT OF COMPUTER ENGINEERING
Mobile Application Development
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
DYNAMIC DATA TAINTING AND ANALYSIS. Roadmap  Background  TaintDroid  JavaScript  Conclusion.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
Emerging Platform#4: Android Bina Ramamurthy.  Android is an Operating system.  Android is an emerging platform for mobile devices.  Initially developed.
JAVA v.s. C++ Programming Language Comparison By LI LU SAMMY CHU By LI LU SAMMY CHU.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Android Introduction Platform Overview.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Introduction to Android Swapnil Pathak Advanced Malware Analysis Training Series.
Android Introduction Based on slides made by
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)
박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)
TAINTDROID: AN INFORMATION- FLOW TRACKING SYSTEM FOR REAL-TIME PRIVACY MONITORING ON SMARTPHONES Presented by: Mohsin Junaid Date: April-17, 2013.
D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources Boxuan Gu, Xinfeng Li, Gang Li, Adam C. Champion,
Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.
Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,
Arpit Jain Mtech1. Outline Introduction Dalvik VM Java VM Examples Comparisons Experimental Evaluation.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.
ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.
A Presentation Of TaintDroid & Related Topics
University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,
Beyond Kernel-level Integrity Measurement: Enabling Remote Attestation for the Android Platform Mohammad Nauman, Sohail Khan, Xinwen Zhang, Jean- Pierre.
Roopa.T PESIT, Bangalore. Source and Credits Dalvik VM, Dan Bornstein Google IO 2008 The Dalvik virtual machine Architecture by David Ehringer.
Christopher Kruegel University of California Engin Kirda Institute Eurecom Clemens Kolbitsch Thorsten Holz Secure Systems Lab Vienna University of Technology.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
ANDROID BY:-AANCHAL MEHTA MNW-880-2K11. Introduction to Android Open software platform for mobile development A complete stack – OS, Middleware, Applications.
Created By. Jainik B Patel Prashant A Goswami Gujarat Vidyapith Computer Department Ahmedabad.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Hui Xu, Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R. Lyu
1 Android Introduction Platform Overview. 2 What is Android?  Android is a software stack for mobile devices that includes an operating system, middleware.
Chapter 11: Advanced Inheritance Concepts. Objectives Create and use abstract classes Use dynamic method binding Create arrays of subclass objects Use.
VMM Based Rootkit Detection on Android
Introduction to Objects and Encapsulation Computer Science 4 Mr. Gerb Reference: Objective: Understand Encapsulation and abstract data types.
1 Android Workshop Platform Overview. 2 What is Android?  Android is a software stack for mobile devices that includes an operating system, middleware.
Information flow Landon Cox April 1, Information flow Crucial goal of secure system –Prevent inappropriate information flows –Can model “appropriateness”
DeepDroid Dynamically Enforcing Enterprise Policy Manwoong (Andy) Choi
Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.
Accelerometer based motion gestures for mobile devices Presented by – Neel Parikh Advisor Committee members Dr. Chris Pollett Dr. Robert Chun Dr. Mark.
Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University.
ANDROID OS Ravi Soni MTech (CS) III Sem. W HAT IS A NDROID ? Android is a software stack for mobile devices that includes an operating system, middleware.
CopperDroid Logan Horton. Android - Background Android is complicated to analyse due to having 2 places to check for code execution Normally, code is.
ANDROID ACCESS CONTROL Presented by: Justin Williams Masters of Computer Science Candidate.
Google. Android What is Android ? -Android is Linux Based OS -Designed for use on cell phones, e-readers, tablet PCs. -Android provides easy access to.
Authors: William Enck & Patrick McDaniel In collaboration with: Duke University and Intel Labs Presentation: Ed Novak 1.
Computer System Structures
Multi-level information - flow tracking system for Android Runtime
Visit for more Learning Resources
Understanding Android Security
Heitor Moraes, Marcos Vieira, Italo Cunha, Dorgival Guedes
Dynamic information-flow tracking
CASE STUDY 1: Linux and Android
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.
CMPE419 Mobile Application Development
Mobile Handset Virtual Machine
Android Introduction Platform Mihail L. Sichitiu.
Understanding Android Security
Android Platform, Android App Basic Components
Mobile Programming Dr. Mohsin Ali Memon.
CMPE419 Mobile Application Development
Presentation transcript:

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth Presented by: Yang Sun Jiayan Guo

Smartphone Platform Market Share

SMARTPHONE PRIVACY https://flic.kr/p/7ZRTUP

Question: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, guess how much of them misuse users’ private information?

Question: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, guess how much of them misuse users’ private information? 20

Monitoring Smartphone Behavior There are tens of thousands of smartphone apps that provide both fun and valuable utility. General challenge: balance fun and utility with privacy Step: “look inside” of applications to watch how they use privacy sensitive data location phone identifiers microphone camera address book

Challenges Goal: Monitor app behavior to determine when privacy sensitive information leaves the phone. Challenges … Smartphones are resource constrained Third-party applications are entrusted with several types of privacy sensitive information Context-based privacy information is dynamic and can be difficult to identify even when sent in the clear Applications can share information

Dynamic Taint Analysis Dynamic taint analysis is a technique that tracks information dependencies from an origin. Conceptual idea: Taint source Taint propagation Taint sink

Approach to Taint Tracking A novel, efficient, system-wide, multiple-marking, taint tracking design by combining multiple granularities of information tracking. Variable-level: VM interpreter provide variable-level tracking within untrusted application code. Method-level: System-provide native libraries. Message-level: Message-level tracking between applications. File-level: file-level tracking to ensure persistent information conservatively retains its taint markings.

Continue

Architecture of Android System

Tracking System Dalvik VM Interpreter: Dalvik EXecutable (DEX) byte code is a register-based machine language. The Dalvik VM interpreter manages method registers with an internal execution state stack. Native Method: Native methods are written in C/C++ and expose functionality provided by the underlying Linux kernel and services. They can also access Java internals, and hence are including in our trusted computing base. Binder IPC:All Android IPC occurs through binder. Binder is a component-based processing and IPC framework designed for BeOS, extended by Palm Inc., and customized for Android by Google. Each application executes within its Dalvik VM interpreter instance.

TaintDroid TaintDroid is a realization of our multiple granularity taint tracking approach within Android.

Implementing challenges of TaintDroid architecture a) Taint tag storage b) Interpreted code taint propagation c) Native code taint propagation d) IPC taint propagation e) Secondary storage taint propagation

Taint Tag Storage Modified the Dalvik VM interpreter to store and propagate taint tags (a taint bit-vector) on variables. Local variables and args: taint tags stored adjacent to variables on the internal execution stack. 64-bit variables span 32-bit storage Class fields: similar to locals, but inside static and instance field heap objects Arrays: one taint tag per array to minimize overhead

DEX Taint Propagation Logic

Example

val <- tval (tval=1)

Continue

Native Code Taint Propagation Rules: 1) all accessed external variables are assigned taint tags. 2) the return values is assigned a taint tag. JNI Methods:JNI methods are invoked through the JNI call bridge. TaintDroid uses a combination of heuristics and method profiles to patch VM tracking state. A method profile is a list of(from, to) pairs indicating flows between variables, which may be method parameters, class variables, or return values. The heuristic is conservative for JNI methods that only operate on primitive and String arguments and return values.

IPC and File Propagation TaintDroid uses message-level taint tracking. A message taint tag represents the upper bound of taint markings assigned to variables contained in the message. Persistent storage tracked at the file level. The design stores one taint tag per file. The taint tag is updated on file write and propagated to data on file read.

Privacy Hook Placement Low-bandwidth Sensors: we placed hooks in Android’s LocationManager and SensorManager applications High-bandwidth Sensors: we placed hooks for both data buffer and file tainting for tracking microphone and camera information. Information Databases: address book, SMS storage Device Identifiers: the phone number, SIM card identifiers (IMSI, ICC-ID), and device identifier (IMEI) Network Taint Sink: Our privacy analysis identifies when tainted information transmits out the network interface.

Experimental setup 2010 Android Market 1,100 apps 358 of 1,100 required Internet permissions Most popular 50 of 358(8.4%) from 12 categories Randomly select 30 out of 50

Application Study Selected 30 applications with bias on popularity and access to Internet, location, microphone, and camera.

Result

Findings - Phone Identifiers 7 applications sent device (IMEI) and 2 apps sent phone info (Ph. #, IMSI*, ICC-ID) to a remote server without informing the user. one application transmits the phone information every time the phone boots. This application transmits the phone data immediately after install, before first use. One application displays a privacy statement that clearly indicates that the application collects the device ID. other uses the hash of the IMEI instead of the number itself.

Findings -Location 15 of the 30 applications shared physical location with an ad server (admob.com, ad.qwapi.com, ads.mobclix.com, data.flurry.com) Exposure of location information occurred both in plaintext (11) and in binary format (4).

Performance Evaluation

Limitations Approach limitations: TaintDroid only tracks data flows (i.e., explicit flows) and does not track control flows (i.e., implicit flows) to minimize performance overhead. Taint Source Limitations: While TaintDroid is very effective for tracking sensitive information, it causes significant false positives when the tracked information contains configuration identifiers

Summary TaintDroid provides efficient, system-wide, dynamic taint tracking and analysis for Android. We found 20 of the 30 studied applications to share information in a way that was not expected.

Demo Demo available at http://youtu.be/qnLujX1Dw4Y

Q&A Questions?

Thank You THANK YOU!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.