Practical Dynamic Information-Flow Tracking on Mobile Devices

Pistol, Ion Valentin

January 2014

<p>Today's consumer mobile platforms such as Android and iOS manage large ecosystems of untrusted third-party applications. It is common for an application to request one or more types of sensitive data. Unfortunately, users have no insight into how their data is used. Given the sensitivity of the data accessible by these applications, it is paramount that mobile operating systems prevent apps from leaking it.</p><p>This dissertation shows that it is possible to improve the soundness of dynamic information-flow tracking on a mobile device without sacrificing precision, performance, or transparency. We extend the state of the art in dynamic information-flow tracking on Android and address two major limitations: quantifying implicit flow leaks in Dalvik bytecode and tracking explicit flows in native code. Our goal is to deliver seamless end-to-end taint tracking across Dalvik bytecode and native code.</p><p>We propose SpanDex, a system that quantifies implicit flow leaks in Dalvik bytecode for apps handling password data. SpanDex computes a bound of revealed tainted data by recording the control-flow dependencies and for each password character, keeps track of the possible set of values that have been inferred. We also propose TaintTrap, a taint tracking system for native code in third party apps. We explore native taint tracking performance bottlenecks and hardware acceleration techniques to improve instrumentation performance.</p> / Dissertation

Computer science

Immunology

Computer engineering

Android

Emulation

explicit flows

implicit flows

TaintDroid

TaintTrap

A Fine-Grained Dynamic Information Flow Analysis for Android Apps

Sankaran, Shyam

January 2017

Android has been steadily gaining popularity ever since its launch in 2008. One of the major factors for this is the easy availability of a large variety of apps. They range from simple apps such as calculator apps to apps which can help people maintain their schedules and thus man-age many aspects of their lives. In addition, a lot of free apps are available to the user thanks to the power of in-app purchases and advertisements. However, these also raise many security concerns. Apps are privy to a lot of private information regarding the user, such as his contacts, location, etc. It is essential to ascertain that apps do not leak such information to untrustworthy entities. In order to solve this problem, there have been many static and dynamic analyses which aim to track private data accessed or generated by the app to its destination. Such analyses are commonly known as Information Flow analyses. Dynamic analysis techniques, such as TaintDroid, tracks private information and alerts the user when it is accessed by speci c API calls. However, they do not track the path taken by the information, which can be useful in debugging and validation scenarios. The first key contribution of this thesis is a model to perform dynamic information ow analysis, inspired by FlowDroid and TaintDroid, which can retain path information of sensitive data in an efficient manner. The model instruments the app and uses path-edges to track the information flows during a dynamic run. We describe the data structure and transfer functions used, and the reasons for its design based on the challenges posed by the Android programming model and efficiency requirements. The second key contribution is the capability to trace the path taken by the sensitive information based on the information obtained during the analysis, as well as the capability to compliment static analyses such as FlowDroid with the output of this analysis. The tests conducted on the implemented model using DroidBench and GeekBench 3 show the precision and soundness of the analysis, and a performance overhead of 25% while real-world apps show negligible lag. All leaks seen in DroidBench where successfully tracked and were verified to be true positives. We tested the model on 10 real-world apps where we find on average about 16.4% of the total path-edges found by FlowDroid.

Android Apps

FlowDroid

TaintDroid

Computer Science