On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices

Golam Sarwar, Olivier Mehani, Roksana Boreli, Mohamed-Ali Kaafar

2013




Paper Citation


in Harvard Style

Sarwar G., Mehani O., Boreli R. and Kaafar M. (2013). On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices. In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 461-468. DOI: 10.5220/0004535104610468


in Bibtex Style

@conference{secrypt13,
author={Golam Sarwar and Olivier Mehani and Roksana Boreli and Mohamed-Ali Kaafar},
title={On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={461-468},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004535104610468},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices
SN - 978-989-8565-73-0
AU - Sarwar G.
AU - Mehani O.
AU - Boreli R.
AU - Kaafar M.
PY - 2013
SP - 461
EP - 468
DO - 10.5220/0004535104610468