research-article

PIFT: Predictive Information-Flow Tracking

Published: 25 March 2016

Abstract

Phones today carry sensitive information and have a great number of ways to communicate that data. As a result, malware that steals money or information, or simply disables functionality, has hit the app stores. Current security solutions for preventing undesirable data leaks are mostly high-overhead and have not been practical enough for smartphones. In this paper, we show that by monitoring only some instructions (memory loads and stores), it is possible to achieve low-overhead, highly accurate information flow tracking. Our method achieves 98% accuracy (0% false positives and 2% false negatives) over DroidBench and was able to successfully catch seven real-world malware instances that steal phone number, location, and device ID using SMS messages and HTTP connections.


Published in

ACM SIGPLAN Notices, Volume 51, Issue 4 (ASPLOS '16), April 2016, 774 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2954679
Editor: Andy Gill

ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, March 2016, 824 pages
ISBN: 9781450340915
DOI: 10.1145/2872362
General Chair: Tom Conte
Program Chair: Yuanyuan Zhou

Copyright © 2016 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
