An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1.

Slides:

Advertisements

Similar presentations

Implementing Tableau Server in an Enterprise Environment

Advertisements

FYP Presentation Mobile Marketing Management System CHA2 Mobile Commerce Applications II Mobile Marketing Management System Presented by Cheng.

Enhancing Users’ Comprehension of Android Permissions Liu Yang, Nader Boushehrinejad, Pallab Roy, Vinod Ganapathy, Liviu Iftode Department of Computer.

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.

Automated Remote Repair for Mobile Malware Yacin Nadji, Jonathon Giffin, Patrick Traynor Georgia Institute of Technology ACSAC’ 11.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson Presented By: Rajat Khandelwal – 2009CS10209 Parikshit.

Aurasium: Practical Policy Enforcement for Android Applications R. Xu, H. Saidi and R. Anderson.

Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.

Rage Against The Virtual Machine: Hindering Dynamic Analysis of Android Malware Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Sotiris Ioannidis,

Onetouch Cloud Backup.

School location collector

What is Android? Android is among the most popular operating systems aimed towards mobile devices such as smartphones, and is currently the most widely.

DYNAMIC DATA TAINTING AND ANALYSIS. Roadmap  Background  TaintDroid  JavaScript  Conclusion.

SMS Mobile Botnet Detection Using A Multi-Agent System Abdullah Alzahrani, Natalia Stakhanova, and Ali A. Ghorbani Faculty of Computer Science, University.

A Survey of Mobile Phone Sensing Michael Ruffing CS 495.

CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.

Presentation By Deepak Katta

Unsafe Exposure Analysis of Mobile In-App Advertisements Offense: Rachel Stonehirsch.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis Authors: Heng Yin, Dawn Song, Manuel Egele, Christoper Kruegel, and.

MOBILE CLOUD COMPUTING

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Presented By: Steven Zittrower William Enck ( Penn St) (Duke)

박 종 혁 컴퓨터 보안 및 운영체제 연구실 Workshop on Mobile Security Technologies (MoST)

D2Taint: Differentiated and Dynamic Information Flow Tracking on Smartphones for Numerous Data Sources Boxuan Gu, Xinfeng Li, Gang Li, Adam C. Champion,

Authors: William Enck The Pennsylvania State University Peter Gilbert Duke University Byung-Gon Chun Intel Labs Landon P. Cox Duke University Jaeyeon Jung.

Presented by: Kushal Mehta University of Central Florida Michael Spreitzenbarth, Felix Freiling Friedrich-Alexander- University Erlangen, Germany michael.spreitzenbart,

Monitoring Latency Sensitive Enterprise Applications on the Cloud Shankar Narayanan Ashiwan Sivakumar.

Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.

Performance Optimizing of Android Application Yu KANG 1.

Analyzing and Detecting Network Security Vulnerability Weekly report 1Fan-Cheng Wu.

A Presentation Of TaintDroid & Related Topics

ReCapture A Pattern-aware Benchmark Tool for Smartphones.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

University of Central Florida TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones Written by Enck, Gilbert,

Effective Real-time Android Application Auditing

By J.T. Ascoli Dan Winters Ronnie Gillespie Dan Heinrichs.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

The “Taint” Leakage Model Ron Rivest Crypto in the Clouds Workshop, MIT Rump Session Talk August 4, 2009.

Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.

Hui Xu, Yangfan Zhou, Cuiyun Gao, Yu Kang, Michael R. Lyu

Title of Presentation DD/MM/YYYY © 2015 Skycure Why Are Hackers Winning the Mobile Malware Battle.

1 REMOTE CONTROL SYSTEM V7 2 Introduction.

Virtual Application Profiler (VAPP) Problem – Increasing hardware complexity – Programmers need to understand interactions between architecture and their.

Android Permissions Remystified: A Field Study on Contextual Integrity Presenter: Hongyang Zhao Primal Wijesekera (UBC) Arjun Baokar (UC Berkeley) Ashkan.

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software Paper by: James Newsome and Dawn Song.

VMM Based Rootkit Detection on Android

David Choffnes, Northeastern University Jingjing Ren, Northeastern University Ashwin Rao, University of Helsinki Martina Lindorfer, Vienna Univ. of Technology.

Workflow Service Host Persistence (Instances) Persistence (Instances) Monitoring Activity Library Receive Send... Management Endpoint Persistence Behavior.

Application Communities Phase 2 (AC2) Project Overview Nov. 20, 2008 Greg Sullivan BAE Systems Advanced Information Technologies (AIT)

SOMA Service-Oriented Mobile learning Architecture Fabian Kromer Andreas Kuntner

NESSUS. Nessus Vulnerability Scanner Features: Ease of use Deep Vulnerability Analysis Discover network based and local vulnerabilities Perform configuration.

THREATS, VULNERABILITIES IN ANDROID OS BY DNYANADA PRAMOD ARJUNWADKAR AJINKYA THORVE Guided by, Prof. Shambhu Upadhyay.

AppAudit Effective Real-time Android Application Auditing Andrew Jeong

M IND Q S YSTEMS Leaders in Training /7, 2nd Floor, Srinivasa Nagar Colony (W) Above HDFC Bank, S.R.Nagar Hyderabad

The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.

Android’s Malware Attack, Stealthiness and Defense: An Improvement Mohammad Ali, Humayun Ali and Zahid Anwar 2011 Frontiers of Information Technology.

Authors: William Enck & Patrick McDaniel In collaboration with: Duke University and Intel Labs Presentation: Ed Novak 1.

Operating System Simulator

WELCOME Mobile Applications Testing

AntMonitor: A System for Monitoring from Mobile Devices

Mobile Application Test Case Automation

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime Sadiq Basha.

ProfileDroid: Multi-layer Profiling of Android Applications

Physical activities and activity tracker

Pradeo Security Systems

Android.Adware.Plankton.A % Android.Adware.Wapsx.A – 4.73%

AppInventor android development for everyone

The “Taint” Leakage Model

Presentation transcript:

An Offloaded Dynamic Taint Analysis Approach for Privacy Leakage Detection on Android Hui Xu 1

Motivation: Contact List SMS Call Log Browser History AccountLocation 2

Adversary Model & State-of-the-art Work Adversary Model: Official applications may read sensitive data stored on phones, and transmit such information via network. TaintDroid, Published in USENIX 2011 Usability Issue: need OS recompilation ReadSend Memory1 Sensitive Data Program Trace Data Memory2 [Program Trace, Memory Access] => Data Leakage 3

Smartphone Behavior Profiler Our Approach: Overall Architecture Android Emulator Signature DB Applications Signatures Taint Module Behavior Profiler Detector Server Automated Testing Tool Analyzer 4

Leakage Instances Two sets of apps: Set I: Apps causing no leakage => Red Table. Set II: Apps causing leakage => Black Table Data metric Applications may leak different data (e.g., some leak contact list, some leak IMEI) sensitive data should be considered separately SituationReadSendLeakage INo IIYesNo IIIYes IVYesPerhapsYes 5