taint droid
-
8/13/2019 Taint Droid
1/26
SSS12 - HW3: TaintDroid
Alexander Georgii-Hemming Cyon
Andreas Cederholm
Mathias Pedersen
Magnus Bergman
Mattias Uskali
Carl Björkman
-
Outline
- What is TaintDroid?
- Why TaintDroid?
- Design challenges
- Design of TaintDroid
- Benchmarks and results
- Limitations
-
Important note
The authors of the paper are the creators of TaintDroid
-
What is TaintDroid?
- TaintDroid is software developed for Android for the purpose of analyzing Android applications with respect to information flow (IF)
- TaintDroid is an example of a dynamic analysis system for IF
- TaintDroid is developed by several academic researchers in cooperation with Intel Labs
- The source code of TaintDroid is available at: www.appanalysis.org
- TaintDroid modifies the Android OS
-
Why TaintDroid?
- Applications on Android Market are not verified by Google (which is the case in the App Store)
- Developers can only request coarse-grained permissions
- Users rarely read or understand the meaning of the permissions
-
How IF can be applied in mobile OS
- It is possible to develop applications that expose sensitive user information to third parties.
- It is not only possible; there are a lot of apps that do so.
- IF analysis helps with detecting those confidentiality-compromising apps.
-
Design challenges
- Smartphones are resource constrained. Added CPU/RAM overhead is very noticeable on those devices.
- The permission system is too coarse-grained, which gives third-party apps access to a lot of sensitive user data.
- It is difficult to identify the sensitive data
- Information can be leaked to other apps
-
TaintDroid taint sources
- GPS
- Files on SD card
- Contacts
- Accelerometer
- Microphone
- Camera
- SMS
- SIM card data
- IMEI number
-
TaintDroid taint sinks
- WiFi
- 3G
- Bluetooth
- SMS
- NFC
-
Level trackings
-
Flow of taints within TaintDroid
-
Flow of taints within TaintDroid ct'd
- What TaintDroid does:
- When data is read from a tainted source and stored in a variable, that variable is tainted.
- If that variable is then copied, the copy is also marked as tainted.
- The taint tags are stored next to the variable in memory in order to get good memory locality
-
Flow of taints within TaintDroid ct'd
-
Flow of taints within TaintDroid ct'd
-
Message-level tracking
- Communication between applications
- IPC uses parcels
-
Method-level tracking
- Used for system-provided native libraries
-
File-level tracking
- Ensures persistent information conservatively retains its taint markings
-
Benchmarks
When benchmarking security they found out that out of 105 flagged instances, 37 of them turned out to be well-founded flags.
-
Benchmarks
When it comes to speed there are two ways of measuring: "macroscopic" and "microscopic" speed benchmarking.
Macroscopic: High-level functionality. "How long does it take to read an entry in the contact list?"
Microscopic: Automatable analysis of delays in low-level calls.
-
Benchmarks
-
Benchmarks
Speed overhead in macroscopic analysis:
- App load time: 3%
- Address Book (create): 5%
- Address Book (read): 18%
- Phone Call: 10%
- Take Picture: 29%
-
Benchmarks
Speed overhead in microscopic analysis:
- Java Microbench (CaffeineMark): 14% increase in score (more = bad)
-
Benchmarks
Memory overhead in IPC throughput:
-
Benchmarks
-
Benchmarks
-
TaintDroid limitations
- TaintDroid is incapable of detecting implicit IF
- Only dynamic analysis, not static
- A lot of false positives
- Only detecting, not preventing, leak of sensitive user information
- Requires Android 2.1
- Modifies the Android OS
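
An added example, not part of the original slides and not TaintDroid's own code: a toy Python model of the variable-level tracking described on the "Flow of taints within TaintDroid" slide, together with the implicit-IF limitation listed above. The tag bit values, the class and function names, and the sample IMEI are all constructed for illustration.

```python
# Added illustration: a toy variable-level taint tracker (not TaintDroid's code).
from dataclasses import dataclass

# Constructed tag bits, one per taint source (values are assumptions).
TAINT_CLEAR, TAINT_GPS, TAINT_IMEI, TAINT_CONTACTS = 0x0, 0x1, 0x2, 0x4

@dataclass(frozen=True)
class Tainted:
    """A value with its taint tag stored right next to it."""
    value: str
    tag: int = TAINT_CLEAR

    def copy(self):
        # Copying a variable also copies its tag.
        return Tainted(self.value, self.tag)

    def __add__(self, other):
        # Combining two values unions their tags (explicit data flow).
        return Tainted(self.value + other.value, self.tag | other.tag)

def read_imei():
    """Hypothetical taint source; the IMEI is a constructed sample."""
    return Tainted("490154203237518", TAINT_IMEI)

def network_send(data, log):
    """Hypothetical taint sink: logs a leak when tagged data leaves."""
    if data.tag != TAINT_CLEAR:
        log.append(f"leak: tag=0x{data.tag:x}")
    return data.value

def explicit_flow(log):
    imei = read_imei()
    msg = Tainted("id=") + imei.copy()      # the tag follows the copy
    return network_send(msg, log)

def implicit_flow(log):
    imei = read_imei()
    out = Tainted("")                       # starts untainted
    for ch in imei.value:
        for digit in "0123456789":
            if ch == digit:                 # control dependence only
                out = out + Tainted(digit)  # untainted constant appended
    return network_send(out, log)           # same bytes, but no tag
```

Both functions hand the sink the same IMEI digits; only the explicit flow is flagged, because a branch on tainted data moves no tag onto the values assigned inside it.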