TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones...
-
Upload
mariah-barnett -
Category
Documents
-
view
215 -
download
0
Transcript of TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones...
![Page 1: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/1.jpg)
TaintDroid:An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Presente
d By:
Steven Z
ittrower
William Enck (Penn St)(Duke) Peter Gilbert
Byung-Gon Chun (Intel)(Duke) Landon P. Cox
Jaeyeon Jung (Intel)(Penn St) Pat McDaniel
Anmol Sheth (Intel)
Authors:
Presented at OSDI 2010
![Page 2: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/2.jpg)
Overview
What is TaintDroid
Why it’s Important
Implementation
Costs and Tradeoffs
Results
?
![Page 3: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/3.jpg)
Modern SmartphonesGPS/Location DataCamera/Photos/MicrophoneContactsSMS MessagesSIM Identifiers (IMSI, ICC-ID, IMEI)
![Page 4: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/4.jpg)
TaintDroid1. Identifies Sensitive Data2. Taints and Tracks Data Flow via
Variables, Messages, Methods, and Files
3. Monitors Behavior of Running Applications in Realtime
4. Identifies Misuse of Private Data
![Page 5: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/5.jpg)
Android: The OS Built on the Linux
kernel Applications run on top
of middleware Written in JAVA
Stack-based Executed in the Dalvik
VM Interpreter Register-based
Allows access to certain native libraries
![Page 6: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/6.jpg)
Android architecture graphic courtesy of Google
![Page 7: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/7.jpg)
TaintDroid ArchitectureTrusted Applications Untrusted Applications
Dalvik VMInterpreterBinder IPC Library
Binder Kernel Module
Binder IPC Library
Dalvik VM Interpreter
Trusted LibraryTaint Source Taint Sink
Binder Hook Binder Hook
Inte
rpre
ted
Code
Kern el
Use
rspac
e Tain
t M
ap
Tain
t M
ap
1
2 3
4
5
6 7 9
8
TaintDroid Architecture map courtesy of TaintDroid: An
Information-Flow…
![Page 8: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/8.jpg)
Types of Tainted Data Variables
Locals, arguments, statics, classes, and arrays Messages
Taint tag is upper bound of tainted variables in message
Methods Tracks and propagates system provided native
libraries Files
One tag per-file, same logic as messages
![Page 9: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/9.jpg)
How Things Get Tainted
Sources Low-bandwidth
Sensors High-bandwidth
Sensors Information
Databases Devices Identifiers
Sinks Network Calls File-system Writes
![Page 10: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/10.jpg)
Taint Propagation Rules for passing
taint markers α←C : τα←0 β←α:τβ ←τα
α←α⊗β:τα←τα∪τβ
… Govern steps 3, 7
of TaintDroid Architecture
![Page 11: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/11.jpg)
Experiments 30 random popular
applications 100 minutes, 22,594
packets, 1,130 TCP connections
Logged all TaintDroid messages
Verified by logging network traffic
![Page 12: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/12.jpg)
Performance Overhead
App Load Time
Addres Book
(create)
Addres Book (read)
Phone Call
Take Pic-ture
0%
5%
10%
15%
20%
25%
30%
![Page 13: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/13.jpg)
Throughput Overhead
Time (s) Client Memory
(mb)
Service Memory
(mb)
0
5
10
15
20
25
AndroidTaintDroid
![Page 14: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/14.jpg)
Performance Takeaways 14% performance overhead
Most operations less than 20ms slower IPC 27% slower than normal Android OS
Due to continual copying of tags as values placed in buffers
3.5% more memory is used
![Page 15: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/15.jpg)
Results
Phone In-formation
Device ID Location0
10
20
30
20 20
27
2
9
15
Had Access Distributed
![Page 16: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/16.jpg)
Contributions Detects leakage of private after entering
applications Previous work deals with securing data
from non-trusted applications Works even if data is encrypted Identifies insecure, malicious, and
unethical mobile applications Modest performance overheads
![Page 17: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/17.jpg)
Weaknesses
Requires custom OS modification
No checks on native libraries
No power overhead data
Network traffic only sink tested
Malicious attackers can bypass TaintDroid
![Page 18: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/18.jpg)
Improvements
Real-time tracking and filtering
Eliminate or reduce false-positives through
better management of variable-level tags
Detection of bypass attempts
![Page 19: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649e225503460f94b0f5d2/html5/thumbnails/19.jpg)
References and Contributions TaintDroid: An Information-Flow Tracking System
for Realtime Privacy Monitoring on Smart Phones
Google (http://code.google.com/android/)
Clip-art courtesy of Norebbo.com NASA.com Linuxchixla.org