Practical Dynamic Information-Flow Tracking on Mobile Devices

dc.contributor.advisor

Lebeck, Alvin R

dc.contributor.advisor

Cox, Landon P

dc.contributor.author

Pistol, Ion Valentin

dc.date.accessioned

2014-08-27T15:21:26Z

dc.date.available

2014-08-27T15:21:26Z

dc.date.issued

2014

dc.department

Computer Science

dc.description.abstract

Today's consumer mobile platforms such as Android and iOS manage large ecosystems of untrusted third-party applications. It is common for an application to request one or more types of sensitive data. Unfortunately, users have no insight into how their data is used. Given the sensitivity of the data accessible by these applications, it is paramount that mobile operating systems prevent apps from leaking it.

This dissertation shows that it is possible to improve the soundness of dynamic information-flow tracking on a mobile device without sacrificing precision, performance, or transparency. We extend the state of the art in dynamic information-flow tracking on Android and address two major limitations: quantifying implicit flow leaks in Dalvik bytecode and tracking explicit flows in native code. Our goal is to deliver seamless end-to-end taint tracking across Dalvik bytecode and native code.

We propose SpanDex, a system that quantifies implicit flow leaks in Dalvik bytecode for apps handling password data. SpanDex computes a bound of revealed tainted data by recording the control-flow dependencies and for each password character, keeps track of the possible set of values that have been inferred. We also propose TaintTrap, a taint tracking system for native code in third party apps. We explore native taint tracking performance bottlenecks and hardware acceleration techniques to improve instrumentation performance.

dc.identifier.uri

https://hdl.handle.net/10161/9067

dc.subject

Computer science

dc.subject

Immunology

dc.subject

Computer engineering

dc.subject

Android

dc.subject

Emulation

dc.subject

explicit flows

dc.subject

implicit flows

dc.subject

TaintDroid

dc.subject

TaintTrap

dc.title

Practical Dynamic Information-Flow Tracking on Mobile Devices

dc.type

Dissertation

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Pistol_duke_0066D_12573.pdf
Size:
1.75 MB
Format:
Adobe Portable Document Format

Collections