William Enck
Peter Gilbert
Skip Abstract Section
Abstract
Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32% performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.
- Alastair R. Beresford, Andrew Rice, Nicholas Skehin, and Ripduman Sohan. 2011. MockDroid: Trading privacy for application functionality on smartphones. In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (HotMobile’11). Google Scholar
Digital Library
- Apache Harmony. 2011. Apache harmony -- Open source Java platform. http://harmony.apache.org.Google Scholar
- Apple, Inc. 2013. Apples app store downloads top three billion. http://www.apple.com/pr/library/2013/01/07App-Store-Tops-40-Billion-Downloads-with-Almost-Half-in-2012.html.Google Scholar
- Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, and Ahmad-Reza Sadeghi. 2011a. Xmandroid: A new android evolution to mitigate privilege escalation attacks. Tech. rep. TR-2011-04, Center for Advanced Security Research Darmstadt, Technische Universitat Darmstadt, Darmstadt, Germany.Google Scholar
- Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi, and Bhargava Shastry. 2011b. Practical and lightweight domain isolation on android. In Proceedings of the ACM Workshop on Security and Privacy in Mobile Devices (SPSM’11). Google ScholarDigital Library
- Sven Bugiel, Stephan Heuser, and Ahmad-Reza Sadeghi. 2013. Flexible and fine-grained mandatory access control on android for diverse security and privacy policies. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Deepak Chandra and Michael Franz. 2007. Fine-grained information flow analysis and enforcement in a Java virtual machine. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC’07).Google ScholarCross Ref
- Ben Cheng and Bill Buzbee. 2010. A jit compiler for androids dalvik vm. http://dl.google.com/googleio/2010/android-jit-compiler-androids-dalvik-vm.pdf.Google Scholar
- Winnie Cheng, Qin Zhao, Bei Yu, and Scott Hiroshige. 2006. TaintTrace: Efficient flow tracing with dynamic binary rewriting. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC’06). 749--754. Google ScholarDigital Library
- Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. 2004. Understanding data lifetime via whole system simulation. In Proceedings of the 13th USENIX Security Symposium. Google ScholarDigital Library
- James Clause, Wanchun Li, and Alessandro Orso. 2007. Dytan: A generic dynamic taint analysis framework. In Proceedings of the International Symposium on Software Testing and Analysis. 196--206. Google ScholarDigital Library
- Mauro Conti, Vu Thien Nga Nguyen, and Bruno Crispo. 2010. CRePE: Context-related policy enforcement for android. In Proceedings of the 13th Information Security Conference (ISC’10). Google ScholarDigital Library
- Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, and Paul Barham. 2005. Vigilante: End-to-end containment of internet worms. In Proceedings of the ACM Symposium on Operating Systems Principles. 133--147. Google ScholarDigital Library
- Landon P. Cox and Peter Gilbert. 2009. Redflag: Reducing inadvertent leaks by personal machines. Tech. rep. TR-2009-02, Duke University.Google Scholar
- Landon P. Cox, Peter Gilbert, Geoffrey Lawler, Valentin Pistol, Ali Razeen, Bi Wu, and Sai Cheemalapati. 2014. Spandex: Secure password tracking for android. Tech. rep. TR-2014-01, Duke University.Google Scholar
- Jedidiah R. Crandall and Frederic T. Chong. 2004. Minos: Control data attack prevention orthogonal to memory model. In Proceedings of the International Symposium on Microarchitecture. 221--232. Google ScholarDigital Library
- Chris Davies. 2009. iPhone spyware debated as app library “phones home”. http://www.slashgear.com/iphone-spyware-debated-as-app-library-phones-home-1752491/.Google Scholar
- Benjamin Davis and Hao Chen. 2013. RetroSkeleton: Retrofitting android apps. In Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services (MobiSys’13). 181--192. Google ScholarDigital Library
- Dorothy E. Denning. 1976. A lattice model of secure information flow. Comm. ACM 19, 5, 236--243. Google ScholarDigital Library
- Dorothy E. Denning and Peter J. Denning. 1977. Certification of programs for secure information flow. Comm. ACM 20, 7. Google ScholarDigital Library
- Michael Dietz, Shashi Shekhar, Yuliy Pisetsky, Anhei Shu, and Dan S. Wallach. 2011. Quire: Lightweight provenance for smart phone operating systems. In Proceedings of the 20th USENIX Security Symposium. Google ScholarDigital Library
- Manuel Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song. 2007. Dyanmic spyware analysis. In Proceedings of the USENIX Annual Technical Conference. 233--246. Google ScholarDigital Library
- William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick Mcdaniel, and Anmol N. Sheth. 2010. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10). Google ScholarDigital Library
- William Enck, Damien Octeau, Patrick Mcdaniel, and Swarat Chaudhuri. 2011. A study of android application security. In Proceedings of the 20th USENIX Security Symposium. Google ScholarDigital Library
- William Enck, Machigar Ongtang, and Patrick Mcdaniel. 2009. On lightweight mobile phone application certification. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). Google ScholarDigital Library
- Adrienne Porter Felt, Helen J. Wang, Alexander Moshchuk, Steven Hanna, and Erika Chin. 2011. Permission re-delegation: Attacks and defenses. In Proceedings of the 20th USENIX Security Symposium. Google ScholarDigital Library
- Michael Fitzpatrick. 2010. Mobile that allows bosses to snoop on staff developed. BBC News. http://news.bbc.co.uk/2/hi/technology/8559683.stm.Google Scholar
- Peter Gilbert, Byung-Gon Chun, Landon P. Cox, and Jaeyeon Jung. 2011. Vision: Automated security validation of mobile apps at app markets. In Proceedings of the International Workshop on Mobile Cloud Computing and Services (MCS’11). Google ScholarDigital Library
- Michael Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. 2012. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec’12). Google ScholarDigital Library
- Vivek Haldar, Deepak Chandra, and Michael Franz. 2005. Dynamic taint propagation for Java. In Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC’05). 303--311. Google ScholarDigital Library
- William G. J. Halfond, Allesandro Orso, and Panagiotis Manolios. 2008. WASP: Protecting web applications using positive tainting and syntax-aware evaluation. IEEE Trans. Softw. Engin. 34, 1, 65--81. Google ScholarDigital Library
- Nevin Heintze and Jon G. Riecke. 1998. The slam calculus: Programming with secrecy and integrity. In Proceedings of the Symposium on Principles of Programming Languages (POPL’98). 365--377. Google ScholarDigital Library
- Boniface Hicks, Kiyan Ahmadizadeh, and Patrick Mcdaniel. 2006. Understanding practical application development in security-typed languages. In Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC’06). 153--164. Google ScholarDigital Library
- Alex Ho, Michael Fetterman, Christopher Clark, Andrew Warfield, and Steven Hand. 2006. Practical taint-based protection using demand emulation. In Proceedings of the European Conference on Computer Systems (EuroSys’06). 29--41. Google ScholarDigital Library
- Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall. 2011. These aren’t the droids you’re looking for: Retrofitting android to protect data from imperious applications. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’11). Google ScholarDigital Library
- Jaeyeon Jung, Anmol Sheth, Ben Greenstein, David Wetherall, Gabriel Maganis, and Tadayoshi Kohno. 2008. Privacy oracle: A system for finding application leaks with black box differential testing. In Proceedings of the 15th ACM Conference on Computer and Communications Security. 279--288. Google ScholarDigital Library
- Min Gyung Kang, Stephen Mccamant, Pongsin Poosankam, and Dawn Song. 2011. DTA+ +: Dynamic taint analysis with targeted control-flow propagation. In Proceedings of the Network and Distributed System Security Symposium (NDSS’11).Google Scholar
- Maxwell Krohn, Alexander Yip, Micah Brodsky, Natan Cliffer, M. Frans Kaashoek, Eddie Kohler, and Robert Morris. 2007. Information flow control for standard os abstractions. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP’07). 321--334. Google ScholarDigital Library
- Lap Chung Lam and Tzicker Chiueh. 2006. A general dynamic information flow tracking framework for security applications. In Proceedings of the Annual Computer Security Applications Conference (AC-SAC’06). 463--472. Google ScholarDigital Library
- Sheng Liang. 1999. Java Native Interface: Programmer’s Guide and Specification. Prentice Hall PTR. Google ScholarDigital Library
- Lookout. 2010. Introducing the app genome project. http://blog.mylookout.com/2010/07/introducing-the-app-genome-project/.Google Scholar
- Stephen Mccamant and Michael D. Ernst. 2008. Quantitative information flow as network flow capacity. SIGPLAN Not. 43, 6, 193--205. Google ScholarDigital Library
- Matteo Migliavacca, Ioannis Papagiannis, David M. Eyers, Brian Shand, Jean Bacon, and Peter Pietzuch. 2010. DEFCon: High-performance event processing with information security. In Proceedings of the USENIX Annual Technical Conference. Google ScholarDigital Library
- Dan Moren. 2009. Retrievable iphone numbers mean potential privacy issues. http://www.macworld.com/article/143047/2009/09/phone_hole.html.Google Scholar
- Andrew C. Myers. 1999. JFlow: Practical mostly-static information flow control. In Proceedings of the ACM Symposium on Principles of Programming Langauges (POPL’99). Google ScholarDigital Library
- Andrew C. Myers and Barbara Liskov. 2000. Protecting privacy using the decentralized label model. ACM Trans. Softw. Engin. Methodol. 9, 4, 410--442. Google ScholarDigital Library
- Adwait Nadkarni and William Enck. 2013. Preventing accidental data disclosure in modern operating systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’13). Google ScholarDigital Library
- Srijith K. Nair, Patrick N. D. Simpson, Bruno Crispo, and Andrew S. Tanenbaum. 2007. A virtual machine based information flow control system for policy enforcement. In Proceedings of the 1st International Workshop on Run Time Enforcement for Mobile and Distributed Systems (REM’07).Google Scholar
- Mohammad Nauman, Sohail Khan, and Xinwen Zhang. 2010. Apex: Extending android permission model and enforcement with user-defined runtime constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASICCAS’10). 328--332. Google ScholarDigital Library
- James Newsome, Stephen Mccamant, and Dawn Song. 2009. Measuring channel capacity to distinguish undue influence. In Proceedings of the 4th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS’09). 73--85. Google ScholarDigital Library
- James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Network and Distributed System Security Symposium (NDSS’05).Google Scholar
- Machigar Ongtang, Stephen Mclaughlin, William Enck, and Patrick Mcdaniel. 2009. Semantically rich application-centric security in android. In Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC’09). Google ScholarDigital Library
- Pendragon Software Corporation. 1997. CaffeineMark 3.0. http://www.benchmarkhq.ru/cm30/.Google Scholar
- Feng Qin, Chen Wang, Zhenmin Li, Ho-Seop Kim, Yuanyuan Zhou, and Youfeng Wu. 2006. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. In Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. 135--148. Google ScholarDigital Library
- Indrajit Roy, Donald E. Porter, Michael D. Bond, Kathryn S. Mckinley, and Emmettwitchel. 2009. Laminar: Practical fine-grained decentralized information flow control. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI’09). 63--74. Google ScholarDigital Library
- Andrei Sabelfeld and Andrew C. Myers. 2003. Language-based information-flow security. IEEE J. Selected Areas Comm. 21, 1, 5--19. Google ScholarDigital Library
- Prateek Saxena, R. Sekar, and Varun Puranik. 2008. Efficient fine-grained binary instrumentation with applications to taint-tracking. In Proceedings of the IEEE/ACM Symposium on Code Generation and Optimization (CGO’08). 74--83. Google ScholarDigital Library
- Roman Schlegel, Kehuan Zhang, Xiao-Yong Zhou, Mehool Intwala, Apu Kapadia, and Xiao Feng Wang. 2011. Soundcomber: A stealthy and context-aware sound trojan for smartphones. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS’11).Google Scholar
- Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Asia Slowinska and Herbert Bos. 2009. Pointless tainting? Evaluating the practicality of pointer tainting. In Proceedings of the European Conference on Computer Systems (EuroSys’09). 61--74. Google ScholarDigital Library
- Stephen Smalley and Robert Craig. 2013. Security enhanced (se) android: Bringing flexible MAC to android. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS’13).Google Scholar
- G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. 2004. Secure program execution via dynamic information flow tracking. In Proceedings of the Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’04). 85--96. Google ScholarDigital Library
- Yang Tang, Phillip Ames, Sravan Bhamidipati, Ashish Bijlani, Roxana Geambasu, and Nikhil Sarda. 2012. CleanOS: Limiting mobile data exposure with idle eviction. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI’12). Google ScholarDigital Library
- Neil Vachharajani, Matthew J. Bridges, Jonathan Chang, Ram Rangan, Guilherme Ottoni, Jason A. Blome, George A. Reis, Manish Vachharajani, and David I. August. 2004. RIFLE: An architectural framework for user-centric information-flow security. In Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture. 243--254. Google ScholarDigital Library
- Steve Vandebogart, Petros Efstathopoulos, Eddie Kohler, Maxwell Krohn, Cliff Frey, David Ziegler, Frans Kaashoek, Robert Morris, and David Mazieres. 2007. Labels and event processes in the asbestos operating system. ACM Trans. Comput. Syst. 25, 4. Google ScholarDigital Library
- Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007. Cross-site scripting prevention with dynamic data tainting and static analysis. In Proceedings of the 14th Network and Distributed System Security Symposium.Google Scholar
- Xiao Feng Wang, Zhuowei Li, Ninghui Li, and Jong Youl Choi. 2008. PRECIP: Towards practical and retrofittable confidential information protection. In Proceedings of 15th Network and Distributed System Security Symposium (NDSS’08).Google Scholar
- Whatapp. 2010. WhatApp. http://www.whatapp.org.Google Scholar
- Rubin Xu, Hassen Saidi, and Ross Anderson. 2012. Aurasium: Practical policy enforcement for android applications. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Wei Xu, Sandeep Bhatkar, and R. Sekar. 2006. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of the USENIX Security Symposium. 121--136. Google ScholarDigital Library
- Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In Proceedings of the USENIX Security Symposium. Google ScholarDigital Library
- Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, and Engin Kirda. 2007. Panorama: Capturing system-wide information flow for malware detection and analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security. 116--127. Google ScholarDigital Library
- Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2009. Improving application security with data flow assertions. In Proceedings of the ACM Symposium on Operating Systems Principles. Google ScholarDigital Library
- Aydan R. Yumerefendi, Benjamin Mickle, and Landon P. Cox. 2007. TightLip: Keeping applications from pilling the beans. In Proceedings of the 4th USENIX Symposium on Network Systems Design and Implementation (NSDI’07). 159--172. Google ScholarDigital Library
- Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. 2006. Making information flow explicit in Histar. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI’06). 263--278. Google ScholarDigital Library
- Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets. In Proceedings of the Network and Distributed System Security Symposium.Google Scholar
- Yajin Zhou, Xinwen Zhang, Xuxian Jiang, and Vincent W. Freeh. 2011. Taming information-stealing smartphone applications (on android). In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST’11). Google ScholarDigital Library
- David Zhu, Jaeyeon Jung, Dawn Song, Tadayoshi Kohno, and David Wetherall. 2009. Privacy scope: A precise information flow tracking system for finding application leaks. Tech. rep. EECS-2009-145, Department of Computer Science, UC Berkeley, CA.Google Scholar
Index Terms
- TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Recommendations
TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityMobile operating systems like Android failed to provide sufficient protection on personal data, and privacy leakage becomes a major concern. To understand the security risks and privacy leakage, analysts have to carry out data-flow analysis. In 2014, ...
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide WebWith the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10: Proceedings of the 9th USENIX conference on Operating systems design and implementationToday's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic ...
Comments