University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

Slides:

Advertisements

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

Advertisements

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

A new Network Concept for transporting and storing digital video…………

Presented By Abhishek Singh Computer Science Department Kent state University WILLIAM ENCK, MACHIGAR ONGTANG, AND PATRICK MCDANIEL.

Aurasium: Practical Policy Enforcement for Android Applications By Yaoqi USENIX Security Symposium 2012.

Mobile Security: Android Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the last slide.

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P

ECOS: Leveraging Software-Defined Networks to Support Mobile Application Offloading Aaron Gember, Christopher Dragga, Aditya Akella University of Wisconsin-Madison.

Smartphone Apps Development Team Weiqing Li Lijun Zhu Man Li.

Richard Yu.  Present view of the world that is: Enhanced by computers Mix real and virtual sensory input  Most common AR is visual Mixed reality virtual.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.

Extensible Scalable Monitoring for Clusters of Computers Eric Anderson U.C. Berkeley Summer 1997 NOW Retreat.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 14: Troubleshooting Windows Server 2003 Networks.

DYNAMIC DATA TAINTING AND ANALYSIS. Roadmap  Background  TaintDroid  JavaScript  Conclusion.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Jason Morrill NCOAUG Training Day February, 2008

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

A METHODOLOGY FOR EMPIRICAL ANALYSIS OF PERMISSION-BASED SECURITY MODELS AND ITS APPLICATION TO ANDROID.

MOBILE CLOUD COMPUTING

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)

TAINTDROID: AN INFORMATION- FLOW TRACKING SYSTEM FOR REAL-TIME PRIVACY MONITORING ON SMARTPHONES Presented by: Mohsin Junaid Date: April-17, 2013.

D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources Boxuan Gu, Xinfeng Li, Gang Li, Adam C. Champion,

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

Privacy-Preserving P2P Data Sharing with OneSwarm -Piggy.

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Arpit Jain Mtech1. Outline Introduction Dalvik VM Java VM Examples Comparisons Experimental Evaluation.

16-1 The World Wide Web The Web An infrastructure of distributed information combined with software that uses networks as a vehicle to exchange that information.

@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.

Android SMIL Messenger Presented By: Alex Povkov Brad Gardner Jeremy Spitzig Santiago Jamriska.

Smart Phone Laboratory ECEN 489 Srinivas Shakkottai.

Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.

ANDROID Presented By Mastan Vali.SK. © artesis 2008 | 2 1. Introduction 2. Platform 3. Software development 4. Advantages Main topics.

A Presentation Of TaintDroid & Related Topics

Roopa.T PESIT, Bangalore. Source and Credits Dalvik VM, Dan Bornstein Google IO 2008 The Dalvik virtual machine Architecture by David Ehringer.

Effective Real-time Android Application Auditing

CS378 - Mobile Computing Intents. Allow us to use applications and components that are part of Android System – start activities – start services – deliver.

An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Android Security Model that Provide a Base Operating System Presented: Hayder Abdulhameed.

Determina, Inc. Persisting Information Across Application Executions Derek Bruening Determina, Inc.

A Generic Approach to Automatic Deobfuscation of Executable Code Paper by Babak Yadegari, Brian Johannesmeyer, Benjamin Whitely, Saumya Debray.

Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.

Hui Xu, Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R. Lyu

Title of Presentation DD/MM/YYYY © 2015 Skycure Why Are Hackers Winning the Mobile Malware Battle.

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan.

IPS Infrastructure Technological Overview of Work Done.

Information flow Landon Cox April 1, Information flow Crucial goal of secure system –Prevent inappropriate information flows –Can model “appropriateness”

Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.

Resource Optimization for Publisher/Subscriber-based Avionics Systems Institute for Software Integrated Systems Vanderbilt University Nashville, Tennessee.

AppAudit Effective Real-time Android Application Auditing Andrew Jeong

1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.

Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University.

PRISM: Platform for Remote Sensing using Smart phones {Tathagata Das, Venkata N. Padmanabhan, Ramachandran Ramjee, Asankhaya Sharma } - Microsoft Research.

CopperDroid Logan Horton. Android - Background Android is complicated to analyse due to having 2 places to check for code execution Normally, code is.

Authors: William Enck & Patrick McDaniel In collaboration with: Duke University and Intel Labs Presentation: Ed Novak 1.

Software and Communication Driver, for Multimedia analyzing tools on the CEVA-X Platform. June 2007 Arik Caspi Eyal Gabay.

Multi-level information - flow tracking system for Android Runtime

Understanding Android Security

Boxify: Full-fledged App Sandboxing for Stock Android

Dynamic information-flow tracking

WWW and HTTP King Fahd University of Petroleum & Minerals

Android System Security

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.

Sangeun Oh, Hyuck Yoo, Dae R. Jeong, Duc Hoang Bui, and Insik Shin

MobiSys 2017 Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation Qiang Zeng joint work with Lannan.

TriggerScope Towards detecting logic bombs in android applications

Methodologies for Data Preservation in IoT Platform

Ali Razeen, Alvin R. Lebeck, David Liu,

Understanding Android Security

Presentation transcript:

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert, Chun, Cox, Jung, McDanniel, and Sheth in 2010, 9th USENIX Symposium Paper presentation by Hyanglim You Mar 19th

TaintDroid: An Information-Flow Tracking System University of Central Florida Outline Background and Motivation – Threat in Privacy Information – Gathering unnecessary data – Goal & Challenges Dynamic Taint Analysis TaintDroid System – Four level tracking techniques Experiment results & Performance Weaknesses & Improvement Summary 2

TaintDroid: An Information-Flow Tracking System University of Central Florida Threats in Privacy Info. Smartphone App – Permissions – Information & Resources e.g., location, microphone, camera, etc. No guarantee of your privacy information will be safe 3

TaintDroid: An Information-Flow Tracking System University of Central Florida Gathering unnecessary data What do you expect from a WallPaper app? Are you agree a WallPaper app with gathering your phone number, subscriber identifier (e.g., IMSI), and the currently entered voice mail number on the phone? 4 Found by App Genome Project at Blackhat in July /mobile-application-analysis-blackhat/ /mobile-application-analysis-blackhat/ From the reference [4]

TaintDroid: An Information-Flow Tracking System University of Central Florida Goal Want : Use valuable information legitimately (e.g., navigation app uses location info.) Don’t want : Abuse valuable information (e.g., pervious wallpaper app example) Need : Know what applications are doing with private information Goal : Monitor app behavior to find when privacy information leaves the phone. 5

TaintDroid: An Information-Flow Tracking System University of Central Florida Challenge Balance between utility and private risks 6 Problems – Smart phones are constrained by resources. – A number of types of information – Constantly changing information – Applications share their information with one another

TaintDroid: An Information-Flow Tracking System University of Central Florida Dynamic Taint Analysis Basic idea – Tracking information dependencies from the origin Concept – Taint source – Taint sink – Taint propagation i = get_input(); two = 2; j = i + two; send_to_sink(j); 7 From the reference [2]

TaintDroid: An Information-Flow Tracking System University of Central Florida Dynamic Taint Analysis Basic idea – Tracks information dependencies from the origin Concept – Taint source – Taint sink – Taint propagation i = get_input(); two = 2; j = i + two; send_to_sink(j); Tag 8

TaintDroid: An Information-Flow Tracking System University of Central Florida Dynamic Taint Analysis Basic idea – Tracks information dependencies from an origin Concept – Taint source – Taint propagation – Taint sink i = get_input(); two = 2; j = two * i; send_to_sink(j); Tag 9

TaintDroid: An Information-Flow Tracking System University of Central Florida Dynamic Taint Analysis Basic idea – Tracks information dependencies from an origin Concept – Taint source – Taint propagation – Taint sink i = get_input(); two = 2; j = i + two; send_to_sink(j); Tag 10

TaintDroid: An Information-Flow Tracking System University of Central Florida TaintDroid Not an app but an extension to the Android mobile-phone platform to track the flow of privacy sensitive data (system-wide integration) Detect when sensitive data leaves the system via untrusted applications Existing solutions – rely on heavy-weight whole-system emulation Use Android’s VM architecture and integrate several levels of tracking techniques 11

TaintDroid: An Information-Flow Tracking System University of Central Florida Four levels of Tracking Tech. 12 Figure 1: From the original paper

TaintDroid: An Information-Flow Tracking System University of Central Florida Four levels of Tracking Tech. Labeled data 13 Figure 1: From the original paper

TaintDroid: An Information-Flow Tracking System University of Central Florida Variable level Tracking Tracks within VM environment by modifying Dalvik VM interpreter. Dalvik VM instance stores/propagates taint tag on variables Dalvik VM interpreter 14

TaintDroid: An Information-Flow Tracking System University of Central Florida Method level Tracking Applications can execute native methods using the Java Native interface (JNI ) Data flow is propagated by pre-defined method profiles 15

TaintDroid: An Information-Flow Tracking System University of Central Florida Message level Tracking Binder IPC (Inter Process Communication) – a component-based processing and IPC framework Message taint tags are propagated during IPC Binder IPC 16

TaintDroid: An Information-Flow Tracking System University of Central Florida File level Tracking Taint tags may be lost when data is written to a file Stores file taint tags in the extended attributes of the file system and updates/propagates 17

TaintDroid: An Information-Flow Tracking System University of Central Florida Experiment and Findings Setup – 1100 samples of the most popular Android applications – 358 of 1100 required Internet permissions or different sensitive information – Randomly selected 30 of them 18 Findings – Over 1000 TCP connections and 105 TCP connections containing private information – 15 of them were sharing the location with a third party advertisement server without notifying the user

TaintDroid: An Information-Flow Tracking System University of Central Florida Findings (detail) 19 Table3: From the original paper

TaintDroid: An Information-Flow Tracking System University of Central Florida Performance Execution time results of the CaffeineMark 3.0 Benchmark Scores correspond to the number of Java instructions / second This benchmark is useful for relative comparisons Only 14% overhead Memory overhead 4.4% IPC overhead 27% Others App load: 3% (2ms) Address book: (< 20 ms) – 5.5% create, 18% read Phone call: 10% (10ms) Take picture: 29% (0.5s) 20 Figure 5: From the original paper

TaintDroid: An Information-Flow Tracking System University of Central Florida Demo from 21

TaintDroid: An Information-Flow Tracking System University of Central Florida Overall overhead might not be enough Limitations/Weaknesses Approach Limitations: Only tracks data flows (i.e., explicit flows) to minimize performance overhead Taint Source Limitations: False positives can occur when the tracked information contains configuration identifiers 22 IMSI MNC MCC MSIN

TaintDroid: An Information-Flow Tracking System University of Central Florida Improvements Integrate with expert rating systems – to know what the most important privacy information Use machine learning techniques to decide correct taint source Combine with implicit way analysis 23

TaintDroid: An Information-Flow Tracking System University of Central Florida Summary Provides an efficient, system-wide information flow tracking tool that can simultaneously track multiple sources of sensitive data. Integrates four level of taint propagation (variable-level, message-level, method-level, and file-level) to achieve a 14% performance. Found 15 of the 30 applications reported users’ locations to remote advertising servers Updated continually and the source code was opened to the public –

TaintDroid: An Information-Flow Tracking System University of Central Florida [1] Main Paper : William Enck et al., TaintDroid: An Information- Flow Tracking System for RealTime Privacy Monitoring on Smartphones. [2] Dynamic Taint Analysis: analysis-overview.pdf analysis-overview.pdf [3] All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) l=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Far number%3D l=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Far number%3D [4] Demo: Principal References 25

TaintDroid: An Information-Flow Tracking System University of Central Florida 26

TaintDroid: An Information-Flow Tracking System University of Central Florida Notes Most images of the non-relevant techniques (e.g., smartphone image) in this presentation is borrowed from Google image search results Tables and charts is from the main paper 27