Owner-Centric Protection of Unstructured Data on Smartphones
作者: Yajin Zhou , Kapil Singh , Xuxian Jiang
DOI: 10.1007/978-3-319-08593-7_4
关键词:
摘要: Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured unstructured. Structured data, such an user's geolocation, has predefined semantics retrieved by well-defined platform APIs. Unstructured on the other hand, relies context reflect its meaning value, is typically provided user directly into app's interface. Recent research shown third-party are leaking highly-sensitive unstructured including banking credentials. Unfortunately, none current solutions focus protection data. In this paper, we propose owner-centric solution protect smartphones. Our approach allows owners specify security policies when providing their untrusted apps. It tracks flow information enforce owner's at strategic exit points. Based approach, design implement a system, called DataChest . We develop several mechanisms reduce burden keep interruption minimum, while same time preventing malicious from tricking user. evaluate our system against set real-world series synthetic attacks show it successfully prevent leakage incurring reasonable performance overhead.
springer.com
sci-hub.st 参考文章(25)
Yajin Zhou, Xinwen Zhang, Xuxian Jiang, Vincent W. Freeh, Taming information-stealing smartphone applications (on Android) trust and trustworthy computing. pp. 93- 107 ,(2011) , 10.1007/978-3-642-21599-5_7
Sravan Bhamidipati, Nikhil Sarda, Ashish Bijlani, Yang Tang, Roxana Geambasu, Phillip Ames, CleanOS: limiting mobile data exposure with idle eviction operating systems design and implementation. pp. 77- 91 ,(2012) , 10.5555/2387880.2387888
Shashi Shekhar, Michael Dietz, Dan S. Wallach, AdSplit: separating smartphone advertising from applications usenix security symposium. pp. 28- 28 ,(2012)
Ross Anderson, Hassen Saïdi, Rubin Xu, Aurasium: practical policy enforcement for Android applications usenix security symposium. pp. 27- 27 ,(2012)
Manuel Egele, Christopher Kruegel, Engin Kirda, Giovanni Vigna, PiOS : Detecting privacy leaks in iOS applications network and distributed system security symposium. ,(2011)
Shashi Shekhar, Michael Dietz, Anhei Shu, Dan S. Wallach, Yuliy Pisetsky, Quire: lightweight provenance for smart phone operating systems usenix security symposium. pp. 23- 23 ,(2011)
Babil Golam Sarwar, Olivier Mehani, Roksana Boreli, Mohamed-Ali Kaafar, None, On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices international conference on security and cryptography. pp. 461- 468 ,(2013)
Alexander Moshchuk, Adrienne Porter Felt, Helen J. Wang, Erika Chin, Steven Hanna, Permission re-delegation: attacks and defenses usenix security symposium. pp. 22- 22 ,(2011)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Yu-Yuan Chen, Pramod A. Jamkhedkar, Ruby B. Lee, A software-hardware architecture for self-protecting data Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. pp. 14- 27 ,(2012) , 10.1145/2382196.2382201