ABSTRACT
The leakage of private information is of great concern on mobile devices since they contain a great deal of sensitive information. This has spurred interest in the use of taint tracking systems to track and monitor the flow of private information on a mobile device. Taint tracking systems impose memory overhead, as taint information must be maintained for every piece of information an application stores in memory. This memory cost is at odds with the growing number of low-end, memory-constrained devices, which makes up the majority mobile device growth in emerging markets. To make taint tracking affordable and to benefit a broader range of mobile devices, we present LazyTainter, which is a memory-efficient taint tracking system designed for managed runtimes. To implement LazyTainter, we enhanced TaintDroid with hybrid taint tracking, which combines lazy and eager tainting, to reduce memory usage with only negligible performance loss. Our experimental results demonstrate that LazyTainter can reduce heap usage by as much as 26.5% when compared to TaintDroid while imposing a negligible 1% increase in performance overhead.
- K. W. Y. Au, Y. F. Zhou, Z. Huang, and D. Lie. PScout: Analyzing the Android Permission Specification. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, pages 217--228, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- R. Balebako, J. Jung, W. Lu, L. F. Cranor, and C. Nguyen. "Little brothers watching you": Raising awareness of data leaks on smartphones. In L. Bauer, K. Beznosov, and L. F. Cranor, editors, SOUPS, page 12. ACM, 2013. Google ScholarDigital Library
- D. Bornstein. Dalvik VM Internals. https://sites.google.com/site/io/dalvik-vm-internals, 2008.Google Scholar
- D. Burke. Android 4.4 KitKat and Updated Developer Tools. http://android-developers.blogspot.ca/2013/10/android-44-kitkat-and-updated-developer.html, 2013.Google Scholar
- CaffeineMark 3.0. http://www.benchmarkhq.ru/cm30/.Google Scholar
- M. Dam, G. Le Guernic, and A. Lundblad. TreeDroid: A Tree Automaton Based Approach to Enforcing Data Processing Policies. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, pages 894--905, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- Investigating Your RAM Usage. https://developer.android.com/tools/debugging/debugging-memory.html.Google Scholar
- V. Djeric and A. Goel. Securing Script-based Extensibility in Web Browsers. In Proceedings of the 19th USENIX Conference on Security, USENIX Security'10, pages 23--23, Berkeley, CA, USA, 2010. USENIX Association. Google ScholarDigital Library
- W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10, pages 1--6, Berkeley, CA, USA, 2010. USENIX Association. Google ScholarDigital Library
- Flurry Blog. http://blog.flurry.com/?Tag=UsageStatistics.Google Scholar
- A. Ho, M. Fetterman, C. Clark, A. Warfield, and S. Hand. Practical Taint-based Protection Using Demand Emulation. In Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, EuroSys '06, pages 29--41, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
- P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These Aren't the Droids You're Looking for: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 639{652, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- IDC Press Release. http://www.idc.com/getdoc.jsp? containerId=prUS24676414.Google Scholar
- Android Kitkat. http://developer.android.com/about/versions/kitkat.html.Google Scholar
- D. Lea. A Memory Allocator. http://g.oswego.edu/dl/html/malloc.html, 2000.Google Scholar
- B. Livshits. Dynamic Taint Tracking in Managed Run-times. Technical Report MSR-TR-2012--114, Microsoft Research, Nov 2012.Google Scholar
- B. Livshits and J. Jung. Automatic Mediation of Privacy-sensitive Resource Access in Smartphone Applications. In Proceedings of the 22Nd USENIX Conference on Security, SEC'13, pages 113--130, Berkeley, CA, USA, 2013. USENIX Association. Google ScholarDigital Library
- Running Android with low RAM. http://source.android.com/devices/low-ram.html.Google Scholar
- J. Newsome. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005.Google Scholar
- A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically Hardening Web Applications Using Precise Tainting. In In 20th IFIP International Information Security Conference, pages 372--382, 2005.Google Scholar
- D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective Inter-component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis. In Proceedings of the 22Nd USENIX Conference on Security, SEC'13, pages 543--558, Berkeley, CA, USA, 2013. USENIX Association. Google ScholarDigital Library
- P. Security Engineering Research Group, Institute of Management Sciences Peshawar. Analysis of Dalvik Virtual Machine and Class Path Library, 2009.Google Scholar
- G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XI, pages 85--96, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- Y. Tang, P. Ames, S. Bhamidipati, A. Bijlani, R. Geambasu, and N. Sarda. CleanOS: Limiting Mobile Data Exposure with Idle Eviction. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation, OSDI'12, pages 77--91, Berkeley, CA, USA, 2012. USENIX Association. Google ScholarDigital Library
- P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Krügel, and G. Vigna. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In NDSS. The Internet Society, 2007.Google Scholar
- T.Wang, K. Lu, L. Lu, S. Chung, and W. Lee. Jekyll on iOS: When Benign Apps Become Evil. In Proceedings of the 22nd USENIX Conference on Security, SEC'13, pages 559--572, Berkeley, CA, USA, 2013. USENIX Association. Google ScholarDigital Library
- W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, USENIX-SS'06, Berkeley, CA, USA, 2006. USENIX Association. Google ScholarDigital Library
- H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 116--127, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- D. Y. Zhu, J. Jung, D. Song, T. Kohno, and D. Wether-all. TaintEraser: Protecting Sensitive Data Leaks Using Application-level Taint Tracking. SIGOPS Oper. Syst. Rev., 45(1):142--154, Feb. 2011. Google ScholarDigital Library
Index Terms
- LazyTainter: Memory-Efficient Taint Tracking in Managed Runtimes
Recommendations
Efficient fine-grained binary instrumentationwith applications to taint-tracking
CGO '08: Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimizationFine-grained binary instrumentations, such as those for taint-tracking, have become very popular in computer security due to their applications in exploit detection, sandboxing, malware analysis, etc. However, practical application of taint-tracking has ...
POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART)
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications SecurityDynamic analysis and taint tracking on Android was typically implemented by instrumenting the Dalvik Virtual Machine. However, the new Android Runtime (ART) introduced in Android 5 replaces the interpreter with an on-device compiler suite. Therefore as ...
Dynamic taint tracking for Java with phosphor (demo)
ISSTA 2015: Proceedings of the 2015 International Symposium on Software Testing and AnalysisDynamic taint tracking is an information flow analysis that can be applied to many areas of testing. Phosphor is the first portable, accurate and performant dynamic taint tracking system for Java. While previous systems for performing general-purpose ...
Comments