TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

Authors: William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert

DOI: 10.5555/1924943.1924971

Keywords: Android (operating system), Mobile malware, Confused deputy problem, Security service, Tracking system, Privilege escalation, Taint checking, Computer security, Computer science

Abstract: Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.
