Published by Philomena Kelley. Modified over 6 years ago.
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
Sadiq Basha
Paper Information
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Authors:
- Mingshen Sun, The Chinese University of Hong Kong, Hong Kong, Hong Kong
- Tao Wei, Baidu, Inc., Beijing, China
- John C.S. Lui, The Chinese University of Hong Kong, Hong Kong, Hong Kong
Motivation: Android Malware Stats
In 2016, Kaspersky Lab detected the following:
- 8,526,221 malicious installation packages
- 128,886 mobile banking Trojans
- 261,214 mobile ransomware Trojans
Motivation: Historical privacy violation problem with Android software
Problem exacerbated by smartphones:
- Almost ubiquitously store private information
- Monetization pressures to the detriment of user privacy
- Current privacy control methods arguably inadequate
Idea:
- Can't change the current system without repercussions
- Instead, create a method to audit untrusted applications
Execution:
- Must be able to detect potential misuses of private information, and be fast enough to be usable
Dynamic taint analysis
- A technique that tracks information dependencies from an origin
- A label (taint) is given to sensitive data from certain sources
- Label transitions (taint propagation) between variables, files, and procedures are handled at runtime
- Data carrying a taint label that is transmitted out of the device through certain functions (sinks) indicates data leakage
Applications:
- Detecting and preventing attacks
- Information policy enforcement
- Testing in software engineering
- Data lifetime and scope analysis
TaintART
- Dynamic information-flow tracking system targeting the latest ART (Android RunTime)
- TaintDroid was designed for the legacy Dalvik environment
- Multi-level taint labelling to identify sensitivity levels
- Uses processor registers for taint storage
- Requires only register accesses, achieving faster taint propagation than TaintDroid
System Design
Dalvik vs ART
Dalvik environment: source code -> dex bytecode -> optimized dex bytecode -> run
ART environment: source code -> dex bytecode -> compiled native code -> run
TaintART Architecture
- Compiler at the installation stage
- Runtime in the runtime stage
Taint Tag Storage
- The TaintART prototype is built on the Google Nexus 5
- The R5 register is reserved for taint storage
- The Nexus 5 contains a vector floating-point coprocessor, so S0 to S15 are the floating point registers
[Figure: taint tag bits in R5, labelled S15 ... S0 (floating point registers) and R15 ... R0 (regular registers)]
Taint Propagation Logic
- Clear destination bit
- Masking tainted bit
- Shifting bits
- Merging tainted bits
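The four steps above, as an added example (not code from the paper or the slides): a C model of a 32-bit taint word standing in for R5, assuming one taint bit per register with bit i tagging Ri. The function names and the instruction sequence are constructed for illustration; multi-level tags are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: bit i of the taint word (modelling R5) is the taint tag of Ri. */
typedef uint32_t taint_word;

static unsigned get_tag(taint_word t, unsigned reg) { return (t >> reg) & 1u; }

/* mov dst, src: the destination inherits the source's tag. */
static taint_word propagate_unary(taint_word t, unsigned dst, unsigned src) {
    taint_word cleared = t & ~(1u << dst);        /* 1. clear destination bit */
    taint_word masked  = t & (1u << src);         /* 2. mask the source's tainted bit */
    taint_word shifted = (masked >> src) << dst;  /* 3. shift it to the destination slot */
    return cleared | shifted;                     /* 4. merge into the taint word */
}

/* add dst, a, b: the destination is tainted if either operand is.
 * Source bits are read from the original word, so dst == a or dst == b
 * (e.g. add r1, r1, r3) still sees the old tag before it is cleared. */
static taint_word propagate_binary(taint_word t, unsigned dst,
                                   unsigned a, unsigned b) {
    taint_word cleared = t & ~(1u << dst);
    taint_word ma = (t & (1u << a)) >> a;
    taint_word mb = (t & (1u << b)) >> b;
    return cleared | ((ma | mb) << dst);
}

/* Constructed instruction sequence; returns the final taint word. */
static taint_word run_demo(void) {
    taint_word t = 1u << 0;            /* source: r0 loaded with sensitive data */
    t = propagate_unary(t, 1, 0);      /* mov r1, r0     -> r1 tainted */
    t = propagate_binary(t, 2, 1, 3);  /* add r2, r1, r3 -> r2 tainted */
    t = propagate_unary(t, 0, 3);      /* mov r0, r3     -> r0 overwritten, clean */
    t = propagate_binary(t, 1, 1, 3);  /* add r1, r1, r3 -> r1 stays tainted */
    return t;
}

int main(void) {
    taint_word t = run_demo();
    for (unsigned r = 0; r < 4; r++)
        printf("r%u tainted: %u\n", r, get_tag(t, r));
    /* A sink would check the tag of the register holding outgoing data. */
    printf("sink sees r2 as %s\n", get_tag(t, 2) ? "tainted" : "clean");
    return 0;
}
```

Overwriting a tainted register with clean data clears its tag, which is why the destination bit is cleared before the merge.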
Implementation & Case study
Taint sources and privacy leakage levels (leaked data, with classes / service in parentheses):
- No Leakage: N/A
- Level 1: Device Identity (Telephony Manager)
- Level 2: Sensor Data (Sensor Manager); Location Data (Location Manager)
- Level 3: Sensitive Content (Content Resolver, File, Camera, Media Recorder)
Analysis of popular apps at runtime by tracking data flows:
- Taobao leaks device identity, sensor data and location data at runtime, whereas for Amazon Shopping there is no leakage
Evaluation: Macro benchmarks
- Application Launch Time: 6% i.e. 22.1ms overhead
- Application Installation Time: 12.2% i.e. ms overhead
- Contacts Read/Write: 20%/12%
Evaluation: Micro Benchmarks (Compiler)
- Compiling 80 built-in apps in AOSP (Android Open Source Project) resulted in 19.9% overhead, i.e. ~67ms
- Overhead of 0.8% in instructions for memory access
- Overall 21% overhead, mainly in data processing instructions
- Because Android uses an ahead-of-time compilation strategy, an app is only compiled once, at installation time. Therefore, the overhead on compilation time is acceptable for analysis usage
[Figures: Comparison of Compilation Time; Comparison of Instructions]
Concluding Remarks
MERITS
- TaintART produced useful results for every application tested
- A useful privacy analysis tool was implemented
- Produced no false positives in experiments conducted
- High performance in design
DEMERITS
As per the analysis:
- Can be circumvented by implicit information flow
- Cannot identify if tainted information re-enters the phone after leaving
IMPROVEMENTS
- Interactive application latency was reported anecdotally, but could have been measured more formally
Thank You