SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications at Runtime

Transcription

1 SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications at Runtime Jianmeng Huang 2017,1,12

2 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

3 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

4 Intro current situation

5 Intro current situation

6 Intro current situation

7 Intro examples

8 Intro examples

9 Intro a survey Category Apps PP S NC K FINANCE WEATHER SOCIAL SHOPPING HEALTH AND FITNESS MUSIC AND AUDIO SUM

10 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

11 Current solutions Control at privacy source. Pros: easy to use Cons: need prior knowledge coarse grained only binary options on a type of privacy side-effects

12 Current solutions Control at privacy sink Pros: enable on-device privacy use Cons: need prior knowledge coarse grained only binary options side-effects

13 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

14 Our goals Revealing the sensitive behaviors of apps. target: private data transmissions (PDT). in an intuitive way concise, highlighted

15 Our goals Revealing the sensitive behaviors of apps. target: private data transmissions (PDT). in an intuitive way concise, highlighted Fine-grained privacy control. intercepting the Undesirable PDTs at runtime no or low side-effect

16 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

17 Our solution Collecting runtime information the runtime information of PDTs.

18 Our solution Collecting runtime information the runtime information of PDTs. Presenting organizing the runtime information and presenting the results to users.

19 Our solution Collecting runtime information the runtime information of PDTs. Presenting organizing the runtime information and presenting the results to users. Intercepting intercepting the undesirable PDTs at next executions of the app.

20 Our solution overview APP Log-Profiler PDU-Graph Android OS Monitor Realtime method invocations Filter runtime logs Filter-Rule Generator Filter-Rule Analyst undesirable subroutines Analysis phase Preservation phase

21 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

22 Monitor module three types of logs Callbacks of Android events combine the PDTs with the Android events. user-interaction events: onclick(), onlongclick(), etc. system events: onlowmemory(), onlowbattery(), etc.

23 Monitor module three types of logs Callbacks of Android events combine the PDTs with the Android events. user-interaction events: onclick(), onlongclick(), etc. system events: onlowmemory(), onlowbattery(), etc. Privacy-involved method invocations the execution trace of PDTs Method name: getdeviceid(), getlongtitude(), etc. String values in the method arguments.

24 Monitor module three types of logs Callbacks of Android events combine the PDTs with the Android events. user-interaction events: onclick(), onlongclick(), etc. system events: onlowmemory(), onlowbattery(), etc. Privacy-involved method invocations the execution trace of PDTs Method name: getdeviceid(), getlongtitude(), etc. String values in the method arguments. Privacy sink the detail of the transmitted data Destination,readable strings, etc.

25 Monitor module taint tracking Taint tracking each variable within the VM Interpreter is attached with a taint tag the tag is dynamically updated by a taint propagation algorithm

26 Monitor module runtime logs SieveDroid Application Framework Callback monitor Privacy sink monitor Android Runtime Privacy trace monitor W/TraceLog( 2764): CLICKEVENT class android.widget.relativelayout.onclick() starts. id: ; com.kugou.android:id/ top_kan_layout ThreadId:1 W/TraceLog( 2764): libcore.os.send( ) received data with tag 0x400 data=[content={"prod uctid": "5","dev iceid" :" $ decc4","imei" :" ","imsi":""] ThreadId:58 W/TraceLog( 2764): INMETHOD tag:1024 Method:Landroid/telephony/ TelephonyManager;getDeviceId()Ljava/lang/ String; ThreadId:58

27 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

28 Log-Profiler module Technical challenge logs from loops logs from branches 1 Callback x() { 2 for(i=0;i<count;i++){ 3 Method_A(); 4 Method_B(); 5 } 6 if(condition){ 7 Method_C(); 8 sendapi_1(); 9 } else{ 10 Method_D(); 11 Method_E(); 12 sendapi_2(); 13 } 14 } (a) The source code. Method_C sendapi_1 Callback x Method_A Method_B Method_D Method_E sendapi_2 (c) The PDU-Graph. Log collection PDU-Graph construction Callback x starts Method_A Method_B Method_A Method_B Method_C sendapi_1 Callback x ends Callback x starts Method_A Method_B Method_A Method_B Method_A Method_B Method_C sendapi_1 Callback x ends Callback x starts Method_A Method_B Method_A Method_B Method_D Method_E sendapi_2 Callback x ends (b) The log file.

29 Log-Profiler module Combinations of branches and loops irregular logs Method_A Method_A Method_B Method_A 1 for(i=0; i<count; i++){ 2 Method_A(); 3 if(condition){ 4 continue; 5 } 6 Method_B(); 7 } (a) The source code Method_A Method_B Method_A Method_A Method_B Method_A Method_B (b) The runtime logs (c) The directed graph

30 Log-Profiler module Background threads TakeOut.on Create() Thread. run() ListView. onclick() responsible for data transmissions lack of intention info Method_A Thread.start Method_B Method_E private_data_trans Method_C Method_D Thread.start UI thread Background thread UI thread

31 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

32 Filter module requirements real time intercepting the undesirable PDTs before the privacy is leaked. precise intercepting all the undesirable PDTs marked by users. no or low side-effect do not interfere with the normal app functionalities. performance the mobile device is energy-constrained, computing-limited.

33 Filter module pattern matching A pattern matching mechanism Input: the runtime information Pattern: the undesirable PDTs marked by users.

34 Filter module DFA

35 Filter module DFA

36 Outline 1 Motivation Intro Current solutions Our goals 2 SieveDroid Our solution Monitor module Log-Profiler module Filter module Demo

37 Demo

38 Demo

39 Demo

40 For Further Reading I Enck W, Gilbert P, Han S, Tendulkar V, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN. TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), Hornyack P, Han S, Jung J, Schechter S, Wetherall D. These aren t the droids you re looking for: retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, 2011.

41 For Further Reading II Chakraborty S, Shen C, Raghavan KR, Shoukry Y, Millar M, Srivastava M. ipshield: a framework for enforcing context-aware privacy. In 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14), 2014.