Upload File

uipicker: user-input privacy identification in mobile ......uip data identification behavior based...

  • Home
  • Documents
  • UIPicker: User-Input Privacy Identification in Mobile ......UIP Data Identification Behavior Based Result Filtering Result PrePre-ProcessingProcessing Private-related Text Analysis
24
UIPicker: User-Input Privacy Identification in Mobile Applications Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou Fudan University Guofei Gu Xiaofeng Wang Texas A&M University Indiana University at Bloomington

Upload: others

Post on 05-Feb-2021

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • UIPicker: User-Input Privacy Identification in

    Mobile Applications

    Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou

    Fudan University

    Guofei Gu Xiaofeng Wang

    Texas A&M University Indiana University at Bloomington

  • Page 2

    Privacy leakage

    • App’s insecure implementation

    • Vulnerabilities in system

    Motivation

  • Page 3

    Existing Works

    Dynamic/Static taint analysis

    • TaintDroid [OSDI’ 10]

    • FlowDroid [PLDI’ 14]

    Motivation

    Access control mechanisms

    • SELinux on Android

    • Auriasium [SECURITY’12]

  • Page 4

    But wait …

    Location

    Contact

    SMS

    Phone Number

    LocationManager. getLastKnownLocation()

    ContentResolver.query(CONTACT_URI)

    SmsMessage. getMessageBody ()

    TelephonyManager. getLine1Number()

    System Centric Privacy Data

  • Page 5

    User-Input Centric Privacy Data (UIP Data)

    But wait …

    Account Credentials& Profiles

    Location

    Financial

  • Page 6

    • UIP data cannot be found without parsing the context and semantic of UIs

    • Label all input as sensitive

    • Large number of false positives

    • Manually specify such contents need to be protected

    • Intensive human intervention

    Challenges

  • Page 7

    • UIPicker

    • Novel framework for automatic, large-scale User-Input Privacy

    (UIP data) identification within Android apps.

    • Runtime Security-Enhancement Mechanism

    • Protect insecure UIP data transmission in app’s runtime

    Our Work

  • Page 8

    • Privacy-related semantics exist in

    • UI Screens

    • Layout resource files

    Key Observation

  • Page 9

    • How to get complete privacy-related texts

    • Highly unstructured semantics

    • E.g. password, pass, pwd, …

    • Sparsely distributed in different UIs

    • Impractical for manual collecting

    • To what extent, a layout element could be UIP data

    • Keyword based search? imprecise results

    • E.g. Split “Username” into “user” & “name”

    Technical challenges

  • Page 10

    UIPicker Overview

    APP Private-related Text Analysis

    UIP Data Identification

    Behavior Based Result

    Filtering

    Result

    Pre-ProcessingPre-Processing

    Private-related Text Analysis

    UIP Data Identification

    Behavior Based Result

    Filtering

    1. Resource Extraction2. Cluster privacy-related texts

    describing UIP data3. Identify UIP data from textual

    semantics4. Confirm UIP data with application

    code behaviors

  • Page 11

    • Resource Extraction

    • Word splitting• Delimiter/Letter-separated words

    • Redundant content removal• Non-English strings/Stop words

    • Stemming• Reduce the number of texts

    • E.g. Change “secured”, “security” into “secure”

    Pre-Processing

    @id/opl_credit_card_number@string/opl_new_credit_card_expiration_date_month@string/opl_new_credit_card_save_button

    UI Texts

    Layout Descriptions

    1

    2

  • Page 12

    Privacy-related Texts Analysis

    • Privacy-related layout Selection

    • E.g. Login, Registration, settings page.

    • By initial seeds with heuristic rules

    • Privacy-related texts clustering

    • Words appeared most in privacy-related layouts rather than normal layouts.

    • By applying Chi-Square test.

    Initial seeds

    Inferred texts

  • Page 13

    UIP Data Identification

    • Classifier: Support Vector Machine

    • Features

    • Privacy-related texts

    • Sibling elements

    • E.g. Short phrase for describing the input field.

    • Training Data

    • Subset of UIP data element

    • Text fields with sensitive inputtype.

    • Manual labelled element for Financial inputs

  • Page 14

    Behavior Based Result Filtering

    • Matching UIP data behaviors reflected in

    application’s program code

    • Filter out static labels which only contain

    privacy-related semantics

    • Recover Input fields other than “EditText”• Implicit user input

    • E.g. Drop down list

    • Customized input

    • E.g. com.alipay.inputBox

  • Page 15

    Activity.setContentView(R.layout.add_credit_card.xml)

    Void OnCreate(Bundle bundle){

    InputBox IB = findViewById(2131231511);

    submitBtn = findViewById(2131623982);

    submitBtn.setOnClickListener(new addCardListener());

    }

    addCardListener.onClick(View v) {……creditCard = IB.getText();sendContent(creditCard)…..

    }

    1. Locating UIP candidate & its layout

    2. User-Triggered Event handling

    UIP Data Elements

    Behavior Based Result Filtering

  • Page 16

    Runtime Security Enhancement

    Bank of China(Credit Card)

    Expire Date

    Security Code

    Card Holder’s Name

    Identity Number

    Phone Number

    Verify Code

    Taint Tracking based on UIPicker

    Plain Text transmission• Runtime checking

    Insecure SSL implementation• Offline analysis with MalloDroid [CCS’ 12]

    TaintDroid

  • Page 17

    UIPicker Evaluation

    • Dataset

    • 17,425 apps crawled from Google-Play in Oct.2014

    • 35 categories, 500 apps for each

  • Page 18

    UIP Data Distribution

    • 6,179 (35.46%) contain UIP data in 17,425 Apps

    • Exist in more than half of apps in 9 out of 35 categories.

    0.00%

    10.00%

    20.00%

    30.00%

    40.00%

    50.00%

    60.00%

    70.00%

    Account Credentials & User Profile Location Financial

  • Page 19

    Effectiveness

    • Compare with System Defined APIs (# Apps)

    Category System Defined APIs UIPicker Overlap

    Account Credentials & User Profile

    4,900 5,330 1,340

    Location 15,221 2,883 2,282

    Financial - 1,318 -

    Total 15,632 6,179 -

    TelephonyManager.getLine1Number()AccountManager.getAccounts()

    LocationManager.getLastKnownLocation()Location.getLongitude()Location.getLatitude()

  • Page 20

    Effectiveness

    • Compare with Sensitive Attributes(# Elements)

    Category InputType UIPicker Incremental

    Account Credentials & User Profile

    24,021 46,227 26,087

    Location 941 14,311 13,370

    Financial - 6,353 -

    Total 24,962 71,224 46,262

    textEmailAddress textPersonNametextPassword textVisiblePasswordpassword/email/phoneNumber textPostalAddress

    2x

    15x

  • Page 21

    Type # Elements % in UIP Data

    TextView 10,582 14.86%

    Customized 5,075 7.13%

    Spinner 1,962 2.75%

    Others 784 1.10%

    Total 18,403 25.84%

    Effectiveness

    • Compare with Sensitive Attributes(# Elements)

  • Page 22

    Precision

    • Manual Validation

    • 200 random selected apps in 10 categories (20 in each)

    • False Positives: 67/1042 elements

    • False Negatives: 107 elements

    • Overall: 93.6% Precision and 90.1% Recall

  • Page 23

    Conclusion

    • UIPicker: Identify UIP data based on novel combination of

    NLP, machine-learning approach, and static analysis

    techniques

    • Runtime security enhancement based on UIPicker

    • Easily be deployed for other existing mechanisms for

    privacy analysis/protection.

  • Page 24

    ThanksQuestions?


An Experimental Result on System Identification …arx.appi.keio.ac.jp/wp-content/uploads/2011/05/ICST2008...An Experimental Result on System Identification over Networks using Delta-Sigma

FREQUENCY ANALYSIS - DAAAM...motor parameter identification (online improved frequency analysis). If stator resistance is used to refine results the final result of identification

Identification andCharacterization of Gene Responsible …jb.asm.org/content/173/15/4707.full.pdf ·  · 2006-03-08inhibitory effects on lambda phage rescue result at least ... This

Under 6 Boys Grand Prix Events · 05/02/2012 Result Place Result Place Result Place Result Place Result Place Result Place Result Place Result Place Result Place Result Place Jack

A preliminary Muon Identification result You Zhengyun School of Physics, PKU 2005.11.23

Strategic Alignment of Business Intelligence833207/FULLTEXT01.pdf · analyze the strategic alignment of business intelligence of an organization will result in the identification

A preliminary Muon Identification result

Individual Cattle Identification and Beef Traceability ... · Individual Cattle Identification and Beef Traceability System in ... Individual Cattle Identification ... Note :Result

Public Disclosure Authorized IDENTIFICATION PRINCIPLES ON · 2019. 9. 27. · As a result, digital identification systems can create huge savings for citizens, governments, and businesses

#1 Theory 6 Unit 6 Output Output. #2 Theory 6 Categories of Hardware InputInput ProcessingProcessing StorageStorage Output*Output*

System Identification and Adaptive Current Balancing ON ... · Simulation and experiment result show the proposed adaptive control scheme significantly improves the transient response

PREAMBLE...IARC Monographs Preamble 3 1 The identification of a cancer hazard should trigger some action to protect 2 public health, either directly as a result of the hazard identification

Country Diagnostic Report: Ghana - BFA Global · This report is the result of country diagnostic research and extensive consultations with country stakeholders, including identification

A beszédpercepció helye a teljes megértési …real.mtak.hu/8860/1/Mady_percepcio_ANT_vegleges.pdftheir input and result in the identification of phonemes with distinctive features

Identification and Characterization of Plasma Cells in ... LWMM...The difficulties in identification of plasma cells as com- pared with B lymphocytes in normal marrow are a result

 · process is illustrated diagramatically in ... bottom nearshore will more effectively ... will usually result in the identification of

Instrumentyzarządzania kosztamiidokonaniami · Halina Buk, Creation of financial result from the long-time construction contract ... Identification and measurement of free of charge

Myanmar Payment Union (MPU)Myanmar Payment Union (MPU ... · Transaction အားအား ProcessingProcessing ျျပဳလပပဳလ ုပေနပါလမ္ေနပါလ

Inertia Identification - Texas Instruments Wikiprocessors.wiki.ti.com/images/7/7c/IS_Workshop_7_-_Interia_ID.pdfThe inertia result is highly repeatable, the maximum and minimum values

Accelerating drug discovery with · Target identification – Complex network interaction problem: – Biology at the cellular level is the result of countless molecular interactions

CRANFIELD UNIVERSITY DEXIN XU ANALYSIS AND · PDF fileiv 4.2.2 Survey Result Analysis..... 39 4.3 CoQ Elements Identification and Definition

DISRUPTION AND REACCUMULATION AS THE POSSIBLE ...Bottom: spheroidal aggregate and surface boulders formed as a result of disruption and reaccumulation (colors permit identification

PepArML: A model-free, result-combining peptide identification arbiter via machine learning Xue Wu, Chau-Wen Tseng, Nathan Edwards University of Maryland,

Morphological Variability Identification of Harumanis ... · • The result of Principal Component Analysis (PCA) provided a good approximation of the data which majorly contributed

IDENTIFICATION Dr. AJEE KURUVILLA. IDENTIFICATION Identification in the living Identification in the living Identification of the dead Identification

SECTION 2. IDENTIFICATION OF PROPERTY SAMPLE · WELFARE EXEMPTION SUPPLEMENTAL AFFIDAVIT, ... failure to do so will result in denial of the exemption. ... Identification of Property

Identification of Contaminant Source Characteristics and ... · An efficient monitoring network will result in satis- factory characterization of contaminant sources. On the other

1. Introduction 1.1. Fire program management involves the identification, evaluation, and control of hazards which may result in a fire. 1.2. OSHA & Emergency

Highway 97 - Peachland Transportation Study Engagement ... · The Highway 97-Peachland Transportation Study will result in the identification of preliminary options ... The open house

çAVô¦}ÔD· E ÁJ$V eq«é À ÎE ^ Cdb¼3:û#È+K`µ t½â´÷ ?½J … · prediction: cetane # bio % heating value water content..... Data processingprocessing Fuel in TARGET

Result Result Result Result Result

magazine AETNAGROUP - Robopac · Aetna Group has initiated a corporate value identification and com - munication process with determination and professionalism. The result of this

Safety Data Sheet Section 1: Identification of the ...‚¬ Result ACGIH Argentina Belgium China Indonesia Trisodium Phosphate, Dodecahydrate as Particulates not otherwise classified

 · Trademark Electronic Application System ... Pending Serial Numbel(s) ... or any descriptive language in an identification that would result in a

CHAPTER 3 MINERAL IDENTIFICATION QUALITATIVE METHODS · MINERAL IDENTIFICATION ... since it arises as a result ofthe sampling by the eyeofa range oflightwavelengths ofdifferingreflectances(seeChapter4)