An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

5
An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1

Transcript of An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Page 1: An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

An Offloaded Dynamic Taint Analysis Approach for

Privacy Leakage Detection on Android

Hui Xu

1

Page 2: An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Motivation:

ContactList SMS Call

LogBrowserHistory Account Location

2

Page 3: An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Adversary Model & State-of-the-art Work• Adversary Model: Official applications may read sensitive data stored on phones,

and transmit such information via network. • TaintDroid, Published in USENIX 2011

• Usability Issue: need OS recompilation

Read Send

Memory1

SensitiveData

Program Trace

DataMemory2

[Program Trace, Memory Access] => Data Leakage3

Page 4: An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Smartphone

Behavior Profiler

Our Approach: Overall Architecture

Android Emulator

SignatureDB

ApplicationsSignatures

Taint Module

BehaviorProfilerDetecto

r

Server

Automated Testing Tool

Analyzer

4

Page 5: An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Leakage Instances

• Two sets of apps:• Set I: Apps causing no leakage => Red Table.• Set II: Apps causing leakage => Black Table

• Data metric• Applications may leak different data (e.g., some leak contact list, some leak

IMEI)• sensitive data should be considered separately

Situation Read Send Leakage

I No No No

II Yes No No

III Yes Yes Yes

IV Yes Perhaps Yes5


Detection of boar taint by Human nose

Detection of boar taint by Human nose

Dynamic Taint Analysisheng/teaching/cs260-winter2017/... · 2017. 9. 29. · Approach: Dynamic Taint Analysis ... –Destination address for control flow (default) –Format string

Dynamic Taint Analysisheng/teaching/cs260-winter2017/... · 2017. 9. 29. · Approach: Dynamic Taint Analysis ... –Destination address for control flow (default) –Format string

Targeted taint driven fuzzing using software metrics

Targeted taint driven fuzzing using software metrics

One Engine to Serve’emAll: Inferring Taint Rules Without ... · One Engine to Serve’emAll: Inferring Taint Rules Without Architectural Semantics Zheng Leong Chua, YanhaoWang,

One Engine to Serve’emAll: Inferring Taint Rules Without ... · One Engine to Serve’emAll: Inferring Taint Rules Without Architectural Semantics Zheng Leong Chua, YanhaoWang,

Preventing Sulfur Taint Formation by Saccharomyces

Preventing Sulfur Taint Formation by Saccharomyces

TaintPipe: Pipelined Symbolic Taint Analysis - Faculty Pipelined Symbolic Taint Analysis Jiang Ming, Dinghao Wu, Gaoyao Xiao, ... (DBI) to decouple dynamic taint analysis from program

TaintPipe: Pipelined Symbolic Taint Analysis - Faculty Pipelined Symbolic Taint Analysis Jiang Ming, Dinghao Wu, Gaoyao Xiao, ... (DBI) to decouple dynamic taint analysis from program

Chen Hui JingChen Hui Jing

Chen Hui JingChen Hui Jing

Smoke Taint Removal

Smoke Taint Removal

Dynamic Taint Analysis for Automatic Detection, …bitblaze.cs.berkeley.edu/papers/taintcheck-full.pdfDynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation

Dynamic Taint Analysis for Automatic Detection, …bitblaze.cs.berkeley.edu/papers/taintcheck-full.pdfDynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation

Dynamic Code Evaluation & Taint Analysisaustin/...EvalAndTaintAnalysis.pdf& Taint Analysis . Announcement For next class, read Chapter 6 of your textbook. ... • In most languages,

Dynamic Code Evaluation & Taint Analysisaustin/...EvalAndTaintAnalysis.pdf& Taint Analysis . Announcement For next class, read Chapter 6 of your textbook. ... • In most languages,

Taint scope

Taint scope

Windows offloaded data_transfer_steve_olsson

Windows offloaded data_transfer_steve_olsson

Speculative Taint Tracking (STT): A Comprehensive …iacoma.cs.uiuc.edu/iacoma-papers/micro19_2.pdfSpeculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed

Speculative Taint Tracking (STT): A Comprehensive …iacoma.cs.uiuc.edu/iacoma-papers/micro19_2.pdfSpeculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed

Capturing Information Flow with Concatenated Dynamic Taint Analysis

Capturing Information Flow with Concatenated Dynamic Taint Analysis

F4F: Taint Analysis of Framework-based Web Applications

F4F: Taint Analysis of Framework-based Web Applications

TAJ: Effective Taint Analysis of Web Applications

TAJ: Effective Taint Analysis of Web Applications

Efficient Character-level Taint Tracking for Java

Efficient Character-level Taint Tracking for Java

Taint tracking - Columbia University

Taint tracking - Columbia University

P/Taint: Unified Points-to and Taint Analysis · 2021. 5. 19. · information-flow analysis computes which taint sources can influence a value and whether a value can reach a sink.

P/Taint: Unified Points-to and Taint Analysis · 2021. 5. 19. · information-flow analysis computes which taint sources can influence a value and whether a value can reach a sink.

Reliability-Centric Analysis of Offloaded Computation in ...downloads.hindawi.com/journals/wcmc/2017/9625687.pdfResearchArticle Reliability-Centric Analysis of Offloaded Computation

Reliability-Centric Analysis of Offloaded Computation in ...downloads.hindawi.com/journals/wcmc/2017/9625687.pdfResearchArticle Reliability-Centric Analysis of Offloaded Computation