ABSTRACT
Mobile operating systems like Android fail to provide sufficient protection for personal data, and privacy leakage has become a major concern. To understand the security risks and privacy leakage, analysts have to carry out data-flow analysis. In 2014, Android was upgraded with a fundamentally new design, the Android RunTime (ART) environment, in Android 5.0. ART adopts an ahead-of-time compilation strategy and replaces the previous virtual-machine-based Dalvik. Unfortunately, many data-flow analysis systems like TaintDroid were designed for the legacy Dalvik environment. This makes data-flow analysis of new apps and malware infeasible. We design a multi-level information-flow tracking system for the new Android system called TaintART. TaintART employs a multi-level taint analysis technique to minimize the taint tag storage. Therefore, taint tags can be stored in processor registers to provide efficient taint propagation operations. We also customize the ART compiler to maximize the performance gains of the ahead-of-time compilation optimizations. Based on the general design of TaintART, we also implement multi-level privacy enforcement to prevent sensitive data leakage. We demonstrate that TaintART incurs less than 15% overhead on a CPU-bound microbenchmark and negligible overhead on built-in or third-party applications. Compared to the legacy Dalvik environment in Android 4.4, TaintART achieves about 99.7% faster performance on a Java runtime benchmark.
Index Terms
- TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime