SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications at Runtime
1 SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications at Runtime Jianmeng Huang 2017,1,12
2 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo
4 Intro current situation
7 Intro examples
9 Intro: a survey. Table columns: Category, Apps, PP, S, NC, K. Rows: FINANCE, WEATHER, SOCIAL, SHOPPING, HEALTH AND FITNESS, MUSIC AND AUDIO, SUM (table values missing).
11 Current solutions: control at privacy source. Pros: easy to use. Cons: need prior knowledge; coarse-grained; only binary options on a type of privacy; side-effects.
12 Current solutions: control at privacy sink. Pros: enable on-device privacy use. Cons: need prior knowledge; coarse-grained; only binary options; side-effects.
15 Our goals. Revealing the sensitive behaviors of apps: target: private data transmissions (PDT); in an intuitive way; concise, highlighted. Fine-grained privacy control: intercepting the undesirable PDTs at runtime; no or low side-effect.
19 Our solution. Collecting runtime information: the runtime information of PDTs. Presenting: organizing the runtime information and presenting the results to users. Intercepting: intercepting the undesirable PDTs at next executions of the app.
20 Our solution: overview (architecture diagram). Components: APP, Android OS, Monitor, Log-Profiler, Filter, Filter-Rule Generator, Analyst. Data labels: realtime method invocations, runtime logs, PDU-Graph, Filter-Rule, undesirable subroutines. Phases: Analysis phase, Preservation phase.
24 Monitor module: three types of logs. Callbacks of Android events: combine the PDTs with the Android events. User-interaction events: onClick(), onLongClick(), etc.; system events: onLowMemory(), onLowBattery(), etc. Privacy-involved method invocations: the execution trace of PDTs. Method name: getDeviceId(), getLongitude(), etc.; string values in the method arguments. Privacy sink: the detail of the transmitted data. Destination, readable strings, etc.
25 Monitor module: taint tracking. Each variable within the VM interpreter is attached with a taint tag; the tag is dynamically updated by a taint propagation algorithm.
26 Monitor module: runtime logs. SieveDroid monitors: Callback monitor and Privacy sink monitor (Application Framework), Privacy trace monitor (Android Runtime). Sample log lines:
    W/TraceLog( 2764): CLICKEVENT class android.widget.relativelayout.onclick() starts. id: ; com.kugou.android:id/top_kan_layout ThreadId:1
    W/TraceLog( 2764): libcore.os.send( ) received data with tag 0x400 data=[content={"productid": "5","deviceid" :" $ decc4","imei" :" ","imsi":""] ThreadId:58
    W/TraceLog( 2764): INMETHOD tag:1024 Method:Landroid/telephony/TelephonyManager;getDeviceId()Ljava/lang/String; ThreadId:58
28 Log-Profiler module: technical challenge. Logs from loops; logs from branches. Steps: log collection, PDU-Graph construction.
(a) The source code:
    Callback x() {
        for (i = 0; i < count; i++) {
            Method_A();
            Method_B();
        }
        if (condition) {
            Method_C();
            sendapi_1();
        } else {
            Method_D();
            Method_E();
            sendapi_2();
        }
    }
(b) The log file:
    Callback x starts, Method_A, Method_B, Method_A, Method_B, Method_C, sendapi_1, Callback x ends
    Callback x starts, Method_A, Method_B, Method_A, Method_B, Method_A, Method_B, Method_C, sendapi_1, Callback x ends
    Callback x starts, Method_A, Method_B, Method_A, Method_B, Method_D, Method_E, sendapi_2, Callback x ends
(c) The PDU-Graph: Callback x, Method_A, Method_B, followed by two branches: Method_C, sendapi_1 and Method_D, Method_E, sendapi_2.
29 Log-Profiler module: combinations of branches and loops produce irregular logs.
(a) The source code:
    for (i = 0; i < count; i++) {
        Method_A();
        if (condition) {
            continue;
        }
        Method_B();
    }
(b) The runtime logs and (c) the directed graph (figure labels): Method_A Method_A Method_B Method_A; Method_A Method_B Method_A Method_A Method_B Method_A Method_B
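An added example, not taken from the slides or from SieveDroid's code: one way to merge per-callback logs like those on slides 28 and 29 into a single directed graph, so that repeated loop iterations collapse onto the same nodes and each branch shows up as a separate path to a sink. The merge rule (one node per method name, one edge per observed succession) and the `is_sink` naming test are assumptions made for this sketch; the sample log is constructed from the slide's figure.

```python
def _run(*methods):
    """One constructed log run in the 'Callback x starts ... ends' format of slide 28."""
    return "\n".join(["Callback x starts", *methods, "Callback x ends"])

AB = ["Method_A", "Method_B"]
# Constructed sample: the three runs shown in the slide's log file.
SLIDE_28_LOG = "\n".join([
    _run(*AB * 2, "Method_C", "sendapi_1"),
    _run(*AB * 3, "Method_C", "sendapi_1"),
    _run(*AB * 2, "Method_D", "Method_E", "sendapi_2"),
])

def split_runs(log_text):
    """Split a log into (callback, [methods]) runs; unterminated runs are dropped."""
    runs, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" starts"):
            current = (line[:-len(" starts")], [])
        elif line.endswith(" ends"):
            if current is not None and current[0] == line[:-len(" ends")]:
                runs.append(current)
            current = None
        elif current is not None:
            current[1].append(line)
    return runs

def build_graph(runs):
    """Merge all runs: node = method name, edge = 'b was logged right after a'."""
    edges = {}
    for callback, methods in runs:
        prev = callback
        for method in methods:
            edges.setdefault(prev, set()).add(method)
            prev = method
        edges.setdefault(prev, set())  # keep the last node even without successors
    return {node: sorted(succ) for node, succ in edges.items()}

def is_sink(name):
    """Assumption for this sketch: sink APIs are the methods named sendapi_*."""
    return name.startswith("sendapi")

def sink_paths(graph, root, sink_test=is_sink):
    """Loop-free paths from the callback to each sink (back edges are skipped)."""
    paths = []

    def walk(node, path):
        if sink_test(node):
            paths.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path:  # an edge back into the path is a loop iteration
                walk(nxt, path + [nxt])

    walk(root, [root])
    return paths

if __name__ == "__main__":
    graph = build_graph(split_runs(SLIDE_28_LOG))
    for path in sink_paths(graph, "Callback x"):
        print(" -> ".join(path))
```

Merging by method name over-approximates: the graph can contain a path that no single run actually took, which is the price of folding loops and branches into one picture.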
30 Log-Profiler module: background threads. Responsible for data transmissions; lack of intention info. Figure labels: TakeOut.onCreate(), Thread.run(), ListView.onClick(); Method_A, Thread.start, Method_B, Method_E, private_data_trans, Method_C, Method_D, Thread.start; UI thread, Background thread, UI thread.
32 Filter module: requirements. Real time: intercepting the undesirable PDTs before the privacy is leaked. Precise: intercepting all the undesirable PDTs marked by users. No or low side-effect: do not interfere with the normal app functionalities. Performance: the mobile device is energy-constrained, computing-limited.
33 Filter module: pattern matching. A pattern matching mechanism. Input: the runtime information. Pattern: the undesirable PDTs marked by users.
34 Filter module DFA
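An added sketch, not SieveDroid's implementation: a table-driven DFA that takes the runtime event stream as input and the user-marked undesirable PDTs as patterns, and decides at the sink call whether to block. The event encoding `(kind, name)`, the in-order matching rule, the reset on every callback and the single-trace state are assumptions of this example; the event names echo the log lines on slide 26 and the traces are constructed.

```python
class PdtFilter:
    """DFA over (kind, name) events; each pattern is callback, methods..., sink."""

    def __init__(self, patterns):
        self.patterns = [tuple(p) for p in patterns]
        self.alphabet = {sym for p in self.patterns for sym in p}
        self.start = tuple(0 for _ in self.patterns)  # one position per pattern
        self.table = {}  # (state, symbol) -> (next_state, block_decision)
        self._compile()
        self.state = self.start

    def _step(self, state, sym):
        """Transition function, used only while the table is being built."""
        if sym[0] == "callback":
            state = self.start  # a new event handler starts a new context
        nxt, block = list(state), False
        for i, pattern in enumerate(self.patterns):
            pos = state[i]
            if pattern[pos] != sym:
                continue
            if pos == len(pattern) - 1:
                block = True  # final symbol is the sink: the whole PDT matched
            else:
                nxt[i] = pos + 1
        return tuple(nxt), block

    def _compile(self):
        """Enumerate reachable states so the runtime cost is one dict lookup."""
        todo, seen = [self.start], {self.start}
        while todo:
            state = todo.pop()
            for sym in self.alphabet:
                nxt, block = self._step(state, sym)
                self.table[(state, sym)] = (nxt, block)
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)

    def on_event(self, sym):
        """Return True when this event is a sink call that must be intercepted."""
        if sym not in self.alphabet:
            if sym[0] == "callback":
                self.state = self.start  # unrelated callback: leave the context
            return False
        self.state, block = self.table[(self.state, sym)]
        return block

def decisions(pdt_filter, trace):
    """Feed a trace through the filter and collect the per-event decisions."""
    return [pdt_filter.on_event(sym) for sym in trace]

# Pattern marked as undesirable (constructed from the names in the sample log).
CLICK = ("callback", "RelativeLayout.onClick")
DEVICE_ID = ("method", "TelephonyManager.getDeviceId")
SEND = ("sink", "libcore.os.send")
UNDESIRABLE = [[CLICK, DEVICE_ID, SEND]]

# Constructed traces: the marked PDT, and the same sink reached another way.
LEAK_TRACE = [CLICK, DEVICE_ID, SEND, SEND]
OTHER_TRACE = [("callback", "ListView.onClick"),
               ("method", "Location.getLongitude"), SEND]
NO_SOURCE_TRACE = [CLICK, SEND]

if __name__ == "__main__":
    f = PdtFilter(UNDESIRABLE)
    for trace in (LEAK_TRACE, OTHER_TRACE, NO_SOURCE_TRACE):
        print(decisions(f, trace))
```

Only the sink call that completes a marked pattern is blocked; the same `send` reached from another callback passes, which is how the sketch reflects the "no or low side-effect" requirement.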
37 Demo
40 For Further Reading I. Enck W, Gilbert P, Han S, Tendulkar V, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS). Hornyack P, Han S, Jung J, Schechter S, Wetherall D. These aren't the droids you're looking for: retrofitting Android to protect data from imperious applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security, 2011.
41 For Further Reading II. Chakraborty S, Shen C, Raghavan KR, Shoukry Y, Millar M, Srivastava M. ipShield: a framework for enforcing context-aware privacy. In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), 2014.
More informationTrack Kit App Reference Guide: Collecting Waypoints, Tracks and Photos
This reference guide outlines how to use the Track Kit & Track Kit Pro smartphone app to collect geospatial field data, including waypoints, tracks, and photos. Track Kit is a simple app for ios and Android
More informationApex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints
Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints Mohammad Nauman Institute of Management Sciences, Pakistan nauman@imsciences.edu.pk Sohail Khan School of
More informationAndroid Taint Flow Analysis for App Sets
Android Taint Flow Analysis for App Sets William Klieber Lori Flynn ERT / SEI, arnegie Mellon University {weklieber, lflynn}@cert.org Amar Bhosale Limin Jia Lujo Bauer arnegie Mellon University {amarb,
More informationVirtualization (II) SPD Course 17/03/2010 Massimo Coppola
Virtualization (II) SPD Course 17/03/2010 Massimo Coppola The players The Hypervisor (HV) implements the virtual machine emulation to run a Guest OS Provides resources and functionalities to the Guest
More informationProduced by. Mobile Application Development. David Drohan Department of Computing & Mathematics Waterford Institute of Technology
Mobile Application Development Produced by David Drohan (ddrohan@wit.ie) Department of Computing & Mathematics Waterford Institute of Technology http://www.wit.ie The image cannot be displayed. Your computer
More informationOn Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber
More information8.3 Mandatory Flow Control Models
8.3 Mandatory Flow Control Models Mingsen Xu Advanced Operating System 2011-10-26 Outline Mandatory Flow Control Models - Information Flow Control - Lattice Model - Multilevel Security Model - Bell-Lapadula
More informationProduced by. Design Patterns. MSc in Communications Software. Eamonn de Leastar
Design Patterns MSc in Communications Software Produced by Eamonn de Leastar (edeleastar@wit.ie) Department of Computing, Maths & Physics Waterford Institute of Technology http://www.wit.ie http://elearning.wit.ie
More informationGOOGLE S Android has dominated smart phone operating
INTL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS, 2015, VOL. 61, NO. 4, PP. 311 320 Manuscript received October 10, 2015; revised December, 2015. DOI: 10.1515/eletel-2015-0040 An Android Security Policy
More information