Brought to my attention as part of a broader study:
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
Authors: William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. For their paper TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.
In OSDI’10: Proceedings of the 9th USENIX conference on Operating systems design and implementation. “This paper was instrumental in demonstrating that taint tracking could be made both efficient and fine-grained. For unmodified smartphone applications, with minimal monitoring overhead, the authors found dozens of potential leaks of sensitive and private information. This work sparked an important research agenda on smartphone privacy that continues to this day.”
Publication:OSDI'10: Proceedings of the 9th USENIX conference on Operating systems design and implementationOctober 2010 Pages 393–407
OSDI'10: Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones Pages 393–407
ABSTRACT
Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications. ... '
No comments:
Post a Comment