Taint droid: An information flow tracking system for real-time privacy monitoring on smartphones

Communications of the ACM

Volumn 57, Issue 3, 2014, Pages 99-106

  Enck, William ^a   Gilbert, Peter ^b   Chun, Byung Gon ^c   Cox, Landon P ^b   Jung, Jaeyeon ^d   McDaniel, Patrick ^e   Sheth, Anmol N ^f  

^a North Carolina State University   (United States)

^b Duke University   (United States)

^c Seoul National University   (South Korea)

^d MICROSOFT RESEARCH   (United States)

^e PENNSYLVANIA STATE UNIVERSITY   (United States)

^f Technicolor Research   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANALYSIS SYSTEM; ANDROID APPLICATIONS; DYNAMIC TAINT TRACKING; EXECUTION ENVIRONMENTS; INFORMATION FLOW TRACKING; REAL TIME ANALYSIS; SMARTPHONE SECURITIES; THIRD PARTY APPLICATION (APPS);

SIGNAL ENCODING; TELEPHONE SYSTEMS;

SMARTPHONES;

EID: 84897681073     PISSN: 00010782     EISSN: 15577317     Source Type: Journal    
DOI: 10.1145/2494522     Document Type: Article

References (25)

1. Chandra, D., Franz, M. Fine-grained information flow analysis and enforcement in a Java virtual machine. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) (Dec. 2007).
2. Cheng, W., Zhao, Q., Yu, B., Hiroshige, S. TaintTrace: Efficient flow tracing with dyanmic binary rewriting. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC) (Jun. 2006), 749-754.
3. Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M. Understanding data lifetime via whole system simulation. In Proceedings of the 13th USENIX Security Symposium (Aug. 2004).
4. Clause, J., Li, W., Orso, A. Dytan: A generic dynamic taint analysis framework. In Proceedings of the 2007 International Symposium on Software Testing and Analysis (2007), 196-206.
5. Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P. Vigilante: End-to-end containment of internet worms. In Proceedings of the ACM Symposium on Operating Systems Principles (Oct. 2005), 133-147.
6. Crandall, J.R., Chong, F.T. Minos: Control data attack prevention orthogonal to memory model. In Proceedings of the International Symposium on Microarchitecture (Dec. 2004), 221-232.
7. Denning, D.E., Denning, P.J. Certification of Programs for Secure Information Flow. Commun. ACM 20, 7 (Jul. 1977).
8. Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D. Dyanmic spyware analysis. In Proceedings of the USENIX Annual Technical Conference (Jun. 2007), 233-246.
9. E nck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI) (Oct. 2010).
10. Haldar, V., Chandra, D., Franz, M. Dynamic taint propagation for Java. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC) (Dec. 2005), 303-311.
11. Halfond, W.G., Orso, A., Manolios, P. WAS P: Protecting web applications using positive tainting and syntaxaware evaluation. IEEE Trans. Softw. Eng. 34, 1 (2008), 65-81.
12. Ho, A., Fetterman, M., Clark, C., Warfield, A., Hand, S. Practical taint-based protection using demand emulation. In Proceedings of the European Conference on Computer Systems (EuroSys) (Apr. 2006), 29-41.
13. Lam, L.C., cker Chiueh, T. A general dynamic information flow tracking framework for security applications. In Proceedings of the Annual Computer Security Applications Conference (ACSAC) (Dec. 2006), 463-472.
14. Myers, A.C. JFlow: Practical mostly-static information flow control. In Proceedings of the ACM Symposium on Principles of Programming Langauges (POPL) (Jan. 1999).
15. Nair, S.K., Simpson, P.N., Crispo, B., Tanenbaum, A.S. A virtual machine based information flow control system for policy enforcement. In The 1st International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM) (2007).
16. Newsome, J., Song, D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Network and Distributed System Security Symposium (NDSS) (2005).
17. Qin, F., Wang, C., Li, Z., seop Kim, H., Zhou, Y., Wu, Y. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture (2006), 135-148.
18. Saxena, P., Sekar, R., Puranik, V. Efficient fine-grained binary instrumentation with applications to taint-tracking. In Proceedings of the IEEE/ACM symposium on Code Generation and Optimization (CGO) (Apr. 2008), 74-83,.
19. Suh, G.E., Lee, J.W., Zhang, D., Devadas, S. Secure program execution via dynamic information flow tracking. In Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (Oct. 2004), 85-96.
20. Vachharajani, N., Bridges, M.J., Chang, J., Rangan, R., Ottoni, G., Blome, J.A., Reis, G.A., Vachharajani, M., August, D.I. RIFLE: An architectural framework for user-centric information-flow security. In Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture (2004), 243-254.
21. Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G. Crosssite scripting prevention with dynamic data tainting and static analysis. In Proceedings of the 14th Network and Distributed System Security Symposium (2007).
22. Xu, W., Bhatkar, S., Sekar, R. Taintenhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of the USENIX Security Symposium (Aug. 2006), 121-136.
23. Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E. Panorama: Capturing systemwide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security (2007), 116-127.
24. Yip, A., Wang, X., Zeldovich, N., Kaashoek, M.F. Improving application security with data flow assertions. In Proceedings of the ACM Symposium on Operating Systems Principles (Oct. 2009).
25. Zhu, D.Y., Jung, J., Song, D., Kohno, T., Wetherall, D. Tainteraser: Protecting sensitive data leaks using applicationlevel taint tracking. Operating Sys. Rev. 45, 1 (2011), 142-154.