Uranine: Real-time Privacy Leakage Monitoring without System - - PowerPoint PPT Presentation

SLIDE 1

Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android

Vaibhav Rastogi (1), Zhengyang Qu (2), Jedidiah McClurg (3), Yinzhi Cao (4), and Yan Chen (2)

(1) University of Wisconsin and Pennsylvania State University
(2) Northwestern University
(3) University of Colorado Boulder
(4) Lehigh University

SLIDE 2

The Privacy Problem

  • Third-party smartphone apps becoming increasingly important
  • Apps regularly leak private information without informing users
  • Private information leakage is a concern for both consumers and enterprises

Goal: make information about privacy leaks transparent and accessible to the user

SLIDE 3

Outline

  • Requirements and Approach
  • Challenges
  • Design
  • Implementation and Evaluation
  • Conclusion

SLIDE 5

Requirements

  • Real-time detection: enable situationally-aware decision making
  • No platform modification: enable deployment on all devices
  • Easily configurable: enable privacy leakage monitoring for just the apps the user wants, no overhead for the rest of the system
  • Portable: across different architectures and language runtimes
  • Others: accuracy, performance

SLIDE 6

Requirements

                        TaintDroid   Phosphor
Real time               Yes          Yes
System Modification     Yes          Yes
Configurability         Little       Little
Portability             No           Yes
Runtime performance     Good         Good
Accuracy                Good         Good

Enck, William, et al. "TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones." ACM Transactions on Computer Systems (TOCS) 32.2 (2014): 5.
Bell, Jonathan Schaffer, and Gail E. Kaiser. "Phosphor: Illuminating Dynamic Data Flow in the JVM." OOPSLA (2014).

SLIDE 7

Uranine

  • Inline taint tracking. Add information flow tracking code to the application
  • Do not touch platform code
  • No modification to the runtime
  • No modification to the framework libraries
  • Approximate information flow through platform code

SLIDE 9

Requirements

                        TaintDroid   Phosphor   Uranine
Real time               Yes          Yes        Yes
System Modification     Yes          Yes        No
Configurability         Little       Little     High
Portability             No           Yes        Yes
Runtime performance     Good         Good       Good
Accuracy                Good         Good       Good

SLIDE 10

Deployment Model

SLIDE 12

Challenges

  • Tracking taint across calls to framework libraries
  • Accounting for the effects of callbacks
  • Tainting objects while following Java reference semantics

SLIDE 14

Design

[Figure: design pipeline. Labels: App; To Intermediate Representation; Instrumentation (Taint Storage & Propagation, Framework Code Summarization Rules); To Bytecode; Instrumented App]

SLIDE 15

Taint Storage and Propagation

  • Shadow taint location for each location
  • Similar for method parameters
  • Add additional parameters for carrying taints
  • Return taint returned via parameter
  • Taint propagation for various operations

Shadow field:
    Original:      class A { String field; }
    Instrumented:  class A { String field; int field_t; }

Propagation:
    Original:      p = q + r;
    Instrumented:  p = q + r; p_t = q_t | r_t;

SLIDE 16

Taint Storage and Propagation

  • Introduce taint at sources
  • Check for taint reaching sinks

Source:
    Original:      String id = tm.getDeviceId();
    Instrumented:  String id = tm.getDeviceId(); int id_t = 1;

Sink:
    Original:      socket.write(deviceLocation);
    Instrumented:  if (deviceLocation_t != 0) sendAlert(); socket.write(deviceLocation);
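The fragments on the last two slides, carried through one method call so the extra taint parameters and the return taint are visible; this is an added example, not Uranine's generated code. The class, method and constant names are hypothetical, and passing the return taint through an int[] holder is an assumption about what "returned via parameter" looks like.

```java
import java.util.ArrayList;
import java.util.List;

public class InlineTaintDemo {
    static final int TAINT_DEVICE_ID = 1;   // hypothetical encoding: one bit per source kind
    static final List<String> alerts = new ArrayList<>();

    // Stand-in for a source such as tm.getDeviceId(); the value is constructed.
    static String getDeviceId() { return "constructed-device-id-0001"; }

    // Original app method:   static String tag(String key, String value)
    // Instrumented version:  a shadow int follows each parameter, and the taint
    // of the return value is written to ret_t[0] (assumed holder shape).
    static String tag(String key, int key_t, String value, int value_t, int[] ret_t) {
        String out = key + "=" + value;
        int out_t = key_t | value_t;        // same rule as p_t = q_t | r_t
        ret_t[0] = out_t;
        return out;
    }

    // Stand-in for a sink such as socket.write(); the inlined check runs first.
    static void send(String payload, int payload_t) {
        if (payload_t != 0) alerts.add("tainted data reached sink, taint=" + payload_t);
        // ... the original sink call would follow here ...
    }

    // Runs the instrumented flow once and returns the alerts it raised.
    static List<String> run() {
        alerts.clear();
        String id = getDeviceId();
        int id_t = TAINT_DEVICE_ID;         // taint introduced at the source

        int[] ret_t = new int[1];
        String body = tag("imei", 0, id, id_t, ret_t);  // literal key: taint 0
        int body_t = ret_t[0];              // caller reads the return taint

        send(body, body_t);                 // derived from the device id: alert
        send("ping", 0);                    // constant payload: no alert
        return alerts;
    }

    public static void main(String[] args) {
        System.out.println(run());
    }
}
```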

SLIDE 17

Tracking Taint across library calls

  • Pre-defined rules for summarization
  • Catch-all policy: Combine taint of all parameters and set to the return taint and the taint of object on which method is called (receiver)
  • Above summarization not sufficient: additionally propagate taint to all objects that refer to the object being tainted

SLIDE 18

Callbacks

  • toString() may be called by framework code and the returned string used elsewhere
  • Solution: treat like framework code and propagate return taint to receiver

    class A {
        private String id;
        public A(TelephonyManager m) { id = m.getDeviceId(); }
        public String toString() { return id; }
    }

SLIDE 19

Java Reference Semantics

  • Problem: tainting objects, not just object references
  • If an object gets tainted, all references should show the taint
  • Storing object taints should not affect garbage collection
  • Solution: Use a weak hashtable to map objects to taints
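One way to realise the weak object-to-taint table from this slide, together with the catch-all policy from the "Tracking Taint across library calls" slide; this is an added example, not Uranine's code. The class and method names are hypothetical, the receiver is treated as one more parameter, identity-based keys are this sketch's choice, and propagation to objects that refer to the tainted object is not implemented.

```java
import java.lang.ref.ReferenceQueue;
import java.lang.ref.WeakReference;
import java.util.HashMap;
import java.util.Map;

public class ObjectTaints {
    // Weak key compared by identity: java.util.WeakHashMap compares keys with
    // equals(), which would let two equal Strings share one taint entry.
    private static final class Key extends WeakReference<Object> {
        private final int hash;
        Key(Object o, ReferenceQueue<Object> q) { super(o, q); hash = System.identityHashCode(o); }
        @Override public int hashCode() { return hash; }
        @Override public boolean equals(Object other) {
            Object mine = get();                      // null once the referent is collected
            return this == other || (mine != null && other instanceof Key && mine == ((Key) other).get());
        }
    }
    private final ReferenceQueue<Object> dead = new ReferenceQueue<>();
    private final Map<Key, Integer> taints = new HashMap<>();

    private void purge() {                            // drop entries of collected objects
        for (Object k; (k = dead.poll()) != null; ) taints.remove(k);
    }
    public synchronized int get(Object o) {
        purge();
        Integer t = (o == null) ? null : taints.get(new Key(o, null));
        return t == null ? 0 : t;
    }
    public synchronized void add(Object o, int taint) {
        purge();
        if (o != null && taint != 0) taints.merge(new Key(o, dead), taint, (a, b) -> a | b);
    }
    // Catch-all summary for a call into uninstrumented library code: OR the taints of
    // receiver and arguments, store that on the receiver, return it as the return taint.
    public int summarize(Object receiver, Object... args) {
        int t = get(receiver);
        for (Object a : args) t |= get(a);
        add(receiver, t);
        return t;
    }
    public static void main(String[] args) {
        ObjectTaints taints = new ObjectTaints();
        String id = new String("constructed-device-id");   // constructed sample value
        taints.add(id, 1);
        StringBuilder sb = new StringBuilder(), alias = sb; // two references, one object
        sb.append(id);                                       // library call
        int ret_t = taints.summarize(sb, id);                // inserted after the call
        System.out.println(ret_t + " " + taints.get(alias) + " " + taints.get(new String(id)));
    }
}
```

The last value printed is the taint of a distinct String with equal contents, which stays untainted under identity keys.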

SLIDE 21

Implementation

  • Employ dexlib to convert bytecode to IR
  • A class hierarchy analysis to identify callbacks and guide the instrumentation
  • A fine-grained instrumentation framework on top of IR
  • Generates bytecode sequences that pass the Dalvik verifier
  • 6000 lines of Scala code

SLIDE 22

Accuracy Evaluation

  • Use TaintDroid as ground truth
  • Small-scale manual as well as large-scale automated tests
  • Large-scale automated runs with Android Monkey on 1490 apps
  • Privacy leakage results consistent with TaintDroid
  • 4 cases were identified to be Uranine false positives

SLIDE 23

Performance Evaluation

  • Performance expected to be good: framework code, which does the real heavy-lifting, runs without overhead
  • Measuring performance is difficult
  • No macrobenchmarks for Android
  • Microbenchmarking will not show true performance on real workloads
  • Created 6 macrobenchmarks from real apps from Google Play
  • Overhead less than 50% for 5 benchmarks, and around 10% in four benchmarks
  • Compares favorably with TaintDroid (30%) and Phosphor (50%)

SLIDE 24

Scope for Optimizations

  • Static analysis may be used to identify code paths that will not leak information
  • Thus only a few paths need to be instrumented
  • Such optimizations not possible for TaintDroid or Phosphor

SLIDE 26

Conclusion

  • Privacy is a major issue in the present digital revolution
  • Private information leakage should be transparent
  • Uranine tracks private information leakage in Android apps without platform modification
  • A step towards bringing information leakage transparency to the masses

SLIDE 27

https://play.google.com/store/apps/details?id=com.webshield.privacyshield

SLIDE 28

Thank you!
