Duke University Libraries
View Item 
  •   DukeSpace
  • Theses and Dissertations
  • Duke Dissertations
  • View Item
  •   DukeSpace
  • Theses and Dissertations
  • Duke Dissertations
  • View Item
    • Login
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Practical Dynamic Information-Flow Tracking on Mobile Devices

    Thumbnail
    View / Download
    1.8 Mb
    Date
    2014
    Author
    Pistol, Ion Valentin
    Advisors
    Lebeck, Alvin R
    Cox, Landon P
    Repository Usage Stats
    183
    views
    236
    downloads
    Abstract

    Today's consumer mobile platforms such as Android and iOS manage large ecosystems of untrusted third-party applications. It is common for an application to request one or more types of sensitive data. Unfortunately, users have no insight into how their data is used. Given the sensitivity of the data accessible by these applications, it is paramount that mobile operating systems prevent apps from leaking it.

    This dissertation shows that it is possible to improve the soundness of dynamic information-flow tracking on a mobile device without sacrificing precision, performance, or transparency. We extend the state of the art in dynamic information-flow tracking on Android and address two major limitations: quantifying implicit flow leaks in Dalvik bytecode and tracking explicit flows in native code. Our goal is to deliver seamless end-to-end taint tracking across Dalvik bytecode and native code.

    We propose SpanDex, a system that quantifies implicit flow leaks in Dalvik bytecode for apps handling password data. SpanDex computes a bound of revealed tainted data by recording the control-flow dependencies and for each password character, keeps track of the possible set of values that have been inferred. We also propose TaintTrap, a taint tracking system for native code in third party apps. We explore native taint tracking performance bottlenecks and hardware acceleration techniques to improve instrumentation performance.

    Type
    Dissertation
    Department
    Computer Science
    Subject
    Computer science
    Immunology
    Computer engineering
    Android
    Emulation
    explicit flows
    implicit flows
    TaintDroid
    TaintTrap
    Permalink
    http://hdl.handle.net/10161/9067
    Citation
    Pistol, Ion Valentin (2014). Practical Dynamic Information-Flow Tracking on Mobile Devices. Dissertation, Duke University. Retrieved from http://hdl.handle.net/10161/9067.
    Collections
    • Duke Dissertations
    More Info
    Show full item record
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.

    Rights for Collection: Duke Dissertations

     

     

    Browse

    All of DukeSpaceCommunities & CollectionsAuthorsTitlesTypesBy Issue DateDepartmentsAffiliations of Duke Author(s)SubjectsBy Submit DateThis CollectionAuthorsTitlesTypesBy Issue DateDepartmentsAffiliations of Duke Author(s)SubjectsBy Submit Date

    My Account

    LoginRegister

    Statistics

    View Usage Statistics