
Information Disclosure Detection in Cyber-Physical Systems

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1062)

Abstract

The detection of information disclosure attacks, i.e. the unauthorized disclosure of sensitive data, is a dynamic research field. The disclosure of sensitive data can be detected by various static and dynamic security analysis methods. In the context of Android, dynamic taint-tracking systems like TaintDroid have turned out to be especially promising. Here we present a simulation environment that is based on existing dynamic taint-tracking systems. It extends these and changes the analysis concept behind the taint-tracking system it uses. While taint-tracking is mainly used for mobile devices running Android, we postulate the importance of detecting information disclosure in any cyber-physical system. In this paper, we explore the detection of information disclosure by simulating devices and monitoring the information flows inside and among the devices.



Acknowledgement

This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.

Author information

Corresponding author

Correspondence to Fabian Berner.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Berner, F., Sametinger, J. (2019). Information Disclosure Detection in Cyber-Physical Systems. In: Anderst-Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2019. Communications in Computer and Information Science, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-27684-3_12


  • DOI: https://doi.org/10.1007/978-3-030-27684-3_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27683-6

  • Online ISBN: 978-3-030-27684-3

  • eBook Packages: Computer Science (R0)
