piitracker automatic tracking of personally identifiable
play

PIITracker: Automatic Tracking of Personally Identifiable - PowerPoint PPT Presentation

Feb 03, 2023 •179 likes •380 views

PIITracker: Automatic Tracking of Personally Identifiable Information in Windows Meisam Navaki Arefi (mnavaki@unm.edu) Geoffrey Alexander Jedidiah R. Crandall What is PII? Personally Identifiable Information (PII) is information that can

  1. PIITracker: Automatic Tracking of Personally Identifiable Information in Windows Meisam Navaki Arefi (mnavaki@unm.edu) Geoffrey Alexander Jedidiah R. Crandall

  2. What is PII?  Personally Identifiable Information (PII) is information that can be used to distinguish or trace an individual’s identity.  Examples of PII:  Name, Address, Phone number, SSN.  MAC Address, Hard drive serial number, IP address. 2

  3. PII Tracking  Needs considerable effort to reverse engineer an application.  To automate PII Tracking process and save reverse engineers substantial time and effort, we propose PIITracker . 3

  4. Motivation  Applications that send PII over the network pose a threat to user privacy and anonymity.  No other tools track PII in an automatic fashion specifically for Windows. 4

  5. Background - DIFT  Dynamic information flow tracking (DIFT) , aka Dynamic Taint Analysis, is a promising technology for making systems transparent. 5

  6. Our Approach  PIITracker is based on Dynamic Information Flow Tracking (DIFT).  PIITracker : 1. Monitors reading PII (by monitoring specific function and system calls). 2. Taint PII with unique tags and track them (using taint2 plugin in PANDA). 3. Monitors out-going network traffic for tainted bytes (i.e. PII). 6

  7. PII Data points  The PII that we have investigated in this paper are:  MAC address  Hard drive serial number  Hard drive model name  Volume serial number  Host name  Computer name  Security identifier number (SID)  CPU model  Windows version and build 7

  8. System Architecture  PIITracker is implemented as a plugin to PANDA whole-system dynamic analysis framework.  Supports Windows 7 as the guest OS.  Runs on top of Linux as the host OS. 8

  9. System Architecture  PIITracker interacts with other plugins:  Taint2: whole-system taint analysis engine  Syscalls2: Callbacks whenever system calls invoked  OSI/Win7x86intro: Callbacks whenever process-related events happen. 9

  10. Placing Hooks  PIITracker utilizes Windows API function calls and system calls as hooks.  Once a specific function or system call occurs, we get the memory address of the desired argument, and taint that memory location using the taint2 plugin API. 10

  11. Placing Hooks  List of functions used to place hooks for each PII data point. 11

  12. Query  To monitor the outgoing network traffic, PIITracker uses the NtDeviceIoControlFile system call.  We query the memory address of every byte in the outgoing network traffic to determine if it has any tags. 12

  13. Results: Analyzing Popular Windows Applications  We have investigated 15 popular Windows applications, mostly chat applications and web browsers.  We determined that 12 of these applications collect some form of PII, meaning that they send PII over the network. 13

  14. Results: Analyzing Popular Windows Applications 14

  15. Results: Analyzing Popular Windows Applications  The chat applications that we could not find any serious PII-related privacy issues were Telegram and Viber .  All Chinese chat and web browser applications that we investigated collect some form of PII.  Firefox and Chromimum also collect some form of PII. 15

  16. False Positive and False Negative Analysis  Comparison with previous works.  Using PIITracker, we could verify the results of other researchers.  Evaluating PIITracker via our own developed test applications.  Worked as expected. 16

  17. Performance Evaluation  Whole-system information flow tracking is intrinsically heavyweight.  Performance has not been a priority for PIITracker.  PIITracker exhibited a 67X slowdown on average compared to PANDA replay. 17

  18. Related Works  TaintDroid  Detects data leakage of Android applications.  TaintEraser  Detects leakage of sensitive data such as password and credit card numbers in Windows.  Requires users to manually specify what actually is a password or credit card number.  None of them are able to track PII in an automatic way in Windows. 18

  19. Conclusions  Presented PIITracker, a novel tool for tracking personally identifiable information (PII) in Windows.  Analyzed 15 popular Windows applications  Majority of these applications collect some form of PII.  PIITracker:  Saves reverse engineers substantial time and effort in practice.  Provides valuable information including the relevant memory addresses of leaked PII, as well as network socket info.  PIITracker is available for public download  https://github.com/mnavaki/PIITracker 19

  20. Thank you!  Contact: Meisam Navaki Arefi  mnavaki@unm.edu  Download PIITracker:  https://github.com/mnavaki/PIITracker 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student records are confidential and must not be disclosed without consent When is student data personally identifiable? Contains directly

251 views • 4 slides
Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Presenting a live 90-minute webinar with interactive Q&A Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing Litigation Risk and Maximizing Insurance Coverage TUESDAY, MARCH 18, 2014 1pm Eastern

682 views • 49 slides
On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander

On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander

On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander Krishnamurthy, AT&T Labs Research Craig E. Wills, Worcester Polytechnic Institute ACM SIGCOMM Workshop on Online Social Networks Barcelona,

594 views • 15 slides
Protecting Personally Identifiable Information Audio is available only by conference call. Please

Protecting Personally Identifiable Information Audio is available only by conference call. Please

Protecting Personally Identifiable Information Audio is available only by conference call. Please call: (800) 700-7784 Participant Access Code: 365268 to join the conference call portion of the webinar (date) Webinar Logistics: Audio is

1.04k views • 37 slides
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program August 12, 2014 1 Protecting

590 views • 43 slides
Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander Sanchez-Rola, Igor Santos Web Tracking It is a common practice to gather user browsing data . Web Tracking Recent studies provided a better understanding of

568 views • 24 slides
The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not

The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not

Official-Steve-Norman SteveNormanReal Stevenormanofficial The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not only by the ones that personally witnessed this

172 views • 6 slides
An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization Automatic Tracking and Activity Visualization marco riccardi Italian Chapter - The Honeynet Project marco cremonini

393 views • 36 slides
Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV

Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV

Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV Broadcasts Tomas Pfister 1 , James Charles 2 , Mark Everingham 2 , Andrew Zisserman 1 1 Visual Geometry Group 2 School of

495 views • 27 slides
The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin

The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin

The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin Thompson Supervised by Dr Tim Howard, SwRI What is a CME? An eruption of Leading Edge plasma and Cavity Filament magnetic field from the

325 views • 31 slides
Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using

Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using

Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones Presentation: Rafa Hryciuk Department of Computer Science University of Illinois at Chicago: James Biagioni, Tomas Gerlich, Timothy

935 views • 36 slides
EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones James Biagioni, Tomas Gerlich, Timothy Merrifield and Jakob Eriksson We love bus trackers! slide 2 Winter in Chicago slide 3 Our shuttle web

4.98k views • 94 slides
NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ

NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ

Proceedings on Privacy Enhancing Technologies ; 2020 (2):4566 Anastasia Shuba* and Athina Markopoulou NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ third-party ad- 1 Introduction vertising and

373 views • 22 slides
Key Topics Related to Grant Accountability and Monitoring

Key Topics Related to Grant Accountability and Monitoring

Key Topics Related to Grant Accountability and Monitoring _____________________________________________________ 21 st Century Fall Project Directors Workshop October 2019 1 Grant Monitoring Points of Emphasis Personally Identifiable

419 views • 28 slides
The Automatic Library Tracking Database Mark Fahey National Institute for Computational

The Automatic Library Tracking Database Mark Fahey National Institute for Computational

The Automatic Library Tracking Database Mark Fahey National Institute for Computational Sciences Scientific Computing Group Lead May 24, 2010 Cray User Group May 24-27, 2010 Contributors Ryan Blake Hitchcock Patrick Lu Nick

559 views • 25 slides
De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft Research July 12, 2013 6th Workshop on Hot Topics in Privacy Enhancing Technologies 2013, Bloomington, Indiana, USA Can Personally Identifiable

668 views • 18 slides
DR. CHECKER A Soundy Analysis for Linux Kernel Drivers Aravind Machiry, Chad Spensky , Jake Corina,

DR. CHECKER A Soundy Analysis for Linux Kernel Drivers Aravind Machiry, Chad Spensky , Jake Corina,

DR. CHECKER A Soundy Analysis for Linux Kernel Drivers Aravind Machiry, Chad Spensky , Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna University of California, Santa Barbara USENIX Security 2017 seclab THE COMPUTER SECURITY

995 views • 66 slides
PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng

PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng

PointlessTain,ng? Evalua,ngthePrac,calityofPointer Tain,ng AsiaSlowinska,HerbertBos VrijeUniversiteitAmsterdam Whypointertain,ng? AFacks Exploitlowlevelmemoryerrors

1.41k views • 65 slides
Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp,

Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp,

Modelgen: Mining Explicit Information Flow Specifications from Concrete Executions Lazaro Clapp, Saswat Anand, Alex Aiken Stanford University I Why mine specifications? Whole-program static analysis Application Whole-program static

992 views • 84 slides
EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2

EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2

EthPloit : From Fuzzing to Efficient Exploit Generation against Smart Contracts Qingzhao Zhang 1,2 , Yizhuo Wang 1 , Juanru Li 1 , Siqi Ma 3 1 Shanghai Jiao Tong University , China 2 University of Michigan , America 3 Data 61, CSIRO , Australia

918 views • 38 slides
A posteriori taint-tracking for demonstrating non-interference in expressive low-level languages

A posteriori taint-tracking for demonstrating non-interference in expressive low-level languages

A posteriori taint-tracking for demonstrating non-interference in expressive low-level languages Peter Aldous and Matthew Might University of Utah This title is a little much, so Faster automated proofs that information doesnt leak in

1.66k views • 115 slides
Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't

Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't

Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't care Erik Bosman <erik@minemu.org> Traditional Stack Smashing buf[16] GET / HTTP/1.1 00baseretnarg1arg2 Traditional Stack Smashing buf[16]

1.29k views • 100 slides
Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An

Privacy on Smartphones Presentation by Claude Barthels Roadmap TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones MockDroid: Trading Privacy for Application Functionality on Smartphones

429 views • 38 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides

More recommend