research-article

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime

Authors:

John C.S. LuiAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

Pages 331 - 342

https://doi.org/10.1145/2976749.2978343

Published: 24 October 2016 Publication History

Abstract

Mobile operating systems like Android failed to provide sufficient protection on personal data, and privacy leakage becomes a major concern. To understand the security risks and privacy leakage, analysts have to carry out data-flow analysis. In 2014, Android upgraded with a fundamentally new design known as Android RunTime (ART) environment in Android 5.0. ART adopts ahead-of-time compilation strategy and replaces previous virtual-machine-based Dalvik. Unfortunately, many data-flow analysis systems like TaintDroid were designed for the legacy Dalvik environment. This makes data-flow analysis of new apps and malware infeasible. We design a multi-level information-flow tracking system for the new Android system called TaintART. TaintART employs a multi-level taint analysis technique to minimize the taint tag storage. Therefore, taint tags can be stored in processor registers to provide efficient taint propagation operations. We also customize the ART compiler to maximize performance gains of the ahead-of-time compilation optimizations. Based on the general design of TaintART, we also implement a multi-level privacy enforcement to prevent sensitive data leakage. We demonstrate that TaintART only incurs less than 15% overheads on a CPU-bound microbenchmark and negligible overhead on built-in or third-party applications. Compared to legacy Dalvik environment in Android 4.4, TaintART achieves about 99.7% faster performance for Java runtime benchmark.

References

[1]

V. Afonso, A. Bianchi, Y. Fratantonio, A. Doupé, M. Polino, P. de Geus, C. Kruegel, and G. Vigna. Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy. In NDSS, 2016.

[2]

S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In ACM SIGPLAN Notices, 2014.

Digital Library

[3]

M. Backes, S. Bugiel, E. Derr, S. Gerling, and C. Hammer. R-droid: Leveraging android app analysis with static slice optimization. In ASIACCS, 2016.

Digital Library

[4]

M. Backes, S. Bugiel, E. Derr, P. McDaniel, D. Octeau, and S. Weisgerber. On demystifying the android application framework: Re-visiting android permission specification analysis. In USENIX Security, 2016.

[5]

R. Balebako, J. Jung, W. Lu, L. F. Cranor, and C. Nguyen. Little brothers watching you: Raising awareness of data leaks on smartphones. In SOUPS, 2013.

Digital Library

[6]

A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, and G. Vigna. What the app is that? deception and countermeasures in the android user interface. In S&P, 2015.

Digital Library

[7]

Bloomberg. Arm designs one of the world's most-used products. http://www.bloomberg.com/bw/articles/2014-02-04/arm-chips-are-the-most-used-consumer-product-dot-where-s-the-money.

[8]

E. Bosman, A. Slowinska, and H. Bos. Minemu: The world's fastest taint tracker. In RAID, 2011.

Digital Library

[9]

S. Bugiel, S. Heuser, and A.-R. Sadeghi. Flexible and fine-grained mandatory access control on android for diverse security and privacy policies. In USENIX Security, 2013.

Digital Library

[10]

S. Calzavara, I. Grishchenko, and M. Maffei. Horndroid: Practical and sound static analysis of android applications by smt solving. In Euro S&P, 2016.

[11]

Y. Cao, Y. Fratantonio, A. Bianchi, M. Egele, C. Kruegel, G. Vigna, and Y. Chen. Edgeminer: Automatically detecting implicit control flow transitions through the android framework. In NDSS, 2015.

[12]

J. Chen, H. Chen, E. Bauman, Z. Lin, B. Zang, and H. Guan. You shouldn't collect my secrets: Thwarting sensitive keystroke leakage in mobile ime apps. In USENIX Security, 2015.

Digital Library

[13]

Q. A. Chen, Z. Qian, and Z. M. Mao. Peeking into your app without actually seeing it: Ui state inference and novel android attacks. In USENIX Security, 2014.

Digital Library

[14]

E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In MobiSys, 2011.

Digital Library

[15]

V. Costamagna and C. Zheng. Artdroid: Simple and easy to use library to intercept virtual-method calls under the android art runtime. In Proceedings of the Workshop on Innovations in Mobile Privacy and Security, 2016.

[16]

M. Dam, G. Le Guernic, and A. Lundblad. Treedroid: A tree automaton based approach to enforcing data processing policies. In CCS, 2012.

Digital Library

[17]

B. Davis and H. Chen. Retroskeleton: retrofitting android apps. In MobiSys, 2013.

Digital Library

[18]

M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel. An empirical study of cryptographic misuse in android applications. In CCS, 2013.

Digital Library

[19]

W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. TOCS, 2014.

Digital Library

[20]

A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin. Permission re-delegation: Attacks and defenses. In USENIX Security, 2011.

Digital Library

[21]

H. Feng, K. Fawaz, and K. G. Shin. Linkdroid: reducing unregulated aggregation of app usage behaviors. In USENIX Security, 2015.

Digital Library

[22]

S. Fink and J. Dolby. Wala--the tj watson libraries for analysis, 2012.

[23]

C. Gibler, J. Crussell, J. Erickson, and H. Chen. Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale. In TRUST, 2012.

Digital Library

[24]

Google. Android dashboards. https://developer.android.com/about/dashboards/index.html.

[25]

Google. Dalvik jit. http://android-developers.blogspot.hk/2010/05/dalvik-jit.html.

[26]

Google. Ui/application exerciser monkey. https://developer.android.com/studio/test/monkey.html.

[27]

M. I. Gordon, D. Kim, J. H. Perkins, L. Gilham, N. Nguyen, and M. C. Rinard. Information flow analysis of android applications in droidsafe. In NDSS, 2015.

[28]

M. C. Grace, Y. Zhou, Z. Wang, and X. Jiang. Systematic detection of capability leaks in stock android smartphones. In NDSS, 2012.

[29]

gsbabil. Antitaintdroid.

[30]

H. Hao, V. Singh, and W. Du. On the effectiveness of api-level access control using bytecode rewriting in android. In ASIACCS, 2013.

Digital Library

[31]

S. Heuser, A. Nadkarni, W. Enck, and A.-R. Sadeghi. Asm: A programmable interface for extending android security. In USENIX Security, 2014.

Digital Library

[32]

H. Huang, S. Zhu, K. Chen, and P. Liu. From system services freezing to system server shutdown in android: All you need is a loop in an app. In CCS, 2015.

Digital Library

[33]

Y. Jing, G.-J. Ahn, Z. Zhao, and H. Hu. Towards automated risk assessment and mitigation of mobile applications. TDSC, 2015.

Digital Library

[34]

D. Kirat, G. Vigna, and C. Kruegel. Barecloud: bare-metal analysis-based evasive malware detection. In USENIX Security, 2014.

Digital Library

[35]

L. Li, A. Bartel, T. F. Bissyandé, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel. Iccta: Detecting inter-component privacy leaks in android apps. In ICSE, 2015.

Digital Library

[36]

K. Lu, Z. Li, V. P. Kemerlis, Z. Wu, L. Lu, C. Zheng, Z. Qian, W. Lee, and G. Jiang. Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting. In NDSS, 2015.

[37]

L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang. Chex: statically vetting android apps for component hijacking vulnerabilities. In CCS, 2012.

Digital Library

[38]

W. Meng, R. Ding, S. P. Chung, S. Han, and W. Lee. The price of free: Privacy leakage in personalized mobile in-app ads. In NDSS, 2016.

[39]

Pendragon Software Corporation. CaffeineMark 3.0. http://www.benchmarkhq.ru/cm30/.

[40]

T. Petsas, G. Voyatzis, E. Athanasopoulos, M. Polychronakis, and S. Ioannidis. Rage against the virtual machine: hindering dynamic analysis of android malware. In EuroSec, 2014.

Digital Library

[41]

S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna. Execute this! analyzing unsafe and malicious dynamic code loading in android applications. In NDSS, 2014.

[42]

C. Qian, X. Luo, Y. Shao, and A. T. Chan. On tracking information flows through jni in android applications. In DSN, 2014.

Digital Library

[43]

V. Rastogi, Y. Chen, and W. Enck. Appsplayground: automatic security analysis of smartphone applications. In CODASPY, 2013.

Digital Library

[44]

C. Ren, Y. Zhang, H. Xue, T. Wei, and P. Liu. Towards discovering and understanding task hijacking in android. In USENIX Security, 2015.

Digital Library

[45]

G. Sarwar, O. Mehani, R. Boreli, and M. A. Kaafar. On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices. In SECRYPT, 2013.

[46]

E. J. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In S&P, 2010.

Digital Library

[47]

Y. Shao, J. Ott, Q. A. Chen, Z. Qian, and Z. M. Mao. Kratos: Discovering inconsistent security policy enforcement in the android framework. In NDSS, 2016.

[48]

M. Sun, M. Li, and J. C. S. Lui. Droideagle: Seamless detection of visually similar android apps. In WiSec, 2015.

Digital Library

[49]

M. Sun, J. C. S. Lui, and Y. Zhou. Blender: Self-randomizing address space layout for android apps. In RAID, 2016.

[50]

M. Sun, M. Zheng, J. C. S. Lui, and X. Jiang. Design and implementation of an android host-based intrusion prevention system. In ACSAC, 2014.

Digital Library

[51]

K. Tam, S. J. Khan, A. Fattori, and L. Cavallaro. Copperdroid: Automatic reconstruction of android malware behaviors. In NDSS, 2015.

[52]

X. Wang, K. Sun, Y. Wang, and J. Jing. Deepdroid: Dynamically enforcing enterprise policy on android devices. In NDSS, 2015.

[53]

F. Wei, S. Roy, X. Ou, et al. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In CCS, 2014.

Digital Library

[54]

M. Y. Wong and D. Lie. Intellidroid: A targeted input generator for the dynamic analysis of android malware. In NDSS, 2016.

[55]

C. Wu, Y. Zhou, K. Patel, Z. Liang, and X. Jiang. Airbag: Boosting smartphone resistance to malware infection. In NDSS, 2014.

[56]

L. Wu, M. Grace, Y. Zhou, C. Wu, and X. Jiang. The impact of vendor customizations on android security. In CCS, 2013.

Digital Library

[57]

M. Xia, L. Gong, Y. Lyu, Z. Qi, and X. Liu. Effective real-time android application auditing. In S&P, 2015.

Digital Library

[58]

R. Xu, H. Saıdi, and R. Anderson. Aurasium: Practical policy enforcement for android applications. In USENIX Security, 2012.

Digital Library

[59]

L. K. Yan and H. Yin. Droidscope: seamlessly reconstructing the os and dalvik semantic views for dynamic android malware analysis. In USENIX Security, 2012.

Digital Library

[60]

X. Zhang, K. Ying, Y. Aafer, Z. Qiu, and W. Du. Life after app uninstallation: Are the data still alive? data residue attacks on android. In NDSS, 2016.

[61]

Y. Zhang, M. Yang, B. Xu, Z. Yang, G. Gu, P. Ning, X. S. Wang, and B. Zang. Vetting undesirable behaviors in android apps with permission use analysis. In CCS, 2013.

Digital Library

[62]

Y. Zhang, M. Yang, B. Zhou, Z. Yang, W. Zhang, and B. Zang. Swift: A register-based jit compiler for embedded jvms. In VEE, 2012.

Digital Library

[63]

C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In SPSM, 2012.

Digital Library

[64]

M. Zheng, M. Sun, and J. C. S. Lui. Droidanalytics: a signature based analytic system to collect, extract, analyze and associate android malware. In TrustCom, 2013.

Digital Library

[65]

M. Zheng, M. Sun, and J. C. S. Lui. Droidray: a security evaluation system for customized android firmwares. In ASIACCS, 2014.

Digital Library

[66]

Y. Zhou and X. Jiang. Dissecting android malware: Characterization and evolution. In S&P, 2012.

Digital Library

Cited By

Lian KZhang LYang GMao SWang XZhang YYang M(2024)Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile ApplicationsProceedings of the ACM on Software Engineering10.1145/36437301:FSE(70-91)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643730
Zhu XZhang SLi CWen SXiang Y(2024)Fuzzing Android Native System Libraries via Dynamic Data Dependency GraphIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.336947919(3733-3744)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3369479
See RGehring MFischer MKaruppayah S(2023)Binary Sight-Seeing: Accelerating Reverse Engineering via Point-of-Interest-BeaconsProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627139(594-608)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627139
Show More Cited By

Index Terms

TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime
1. Security and privacy
  1. Systems security
    1. Information flow control
    2. Operating systems security
      1. Mobile platform security

Recommendations

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking ...
Read More
Scalable and precise taint analysis for Android
ISSTA 2015: Proceedings of the 2015 International Symposium on Software Testing and Analysis

We propose a type-based taint analysis for Android. Concretely, we present DFlow, a context-sensitive information flow type system, and DroidInfer, the corresponding type inference analysis for detecting privacy leaks in Android apps. We present novel ...
Read More
P/Taint: unified points-to and taint analysis

Static information-flow analysis (especially taint-analysis) is a key technique in software security, computing where sensitive or untrusted data can propagate in a program. Points-to analysis is a fundamental static program analysis, computing what ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

106
Total Citations
View Citations
1,587
Total Downloads

Downloads (Last 12 months)94
Downloads (Last 6 weeks)14

Other Metrics

View Author Metrics

Citations

Cited By

Lian KZhang LYang GMao SWang XZhang YYang M(2024)Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile ApplicationsProceedings of the ACM on Software Engineering10.1145/36437301:FSE(70-91)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3643730
Zhu XZhang SLi CWen SXiang Y(2024)Fuzzing Android Native System Libraries via Dynamic Data Dependency GraphIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.336947919(3733-3744)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3369479
See RGehring MFischer MKaruppayah S(2023)Binary Sight-Seeing: Accelerating Reverse Engineering via Point-of-Interest-BeaconsProceedings of the 39th Annual Computer Security Applications Conference10.1145/3627106.3627139(594-608)Online publication date: 4-Dec-2023
https://dl.acm.org/doi/10.1145/3627106.3627139
Zhao ZMorrison AFletcher CTorrellas JAamodt TJerger NSwift M(2023)Untangle: A Principled Framework to Design Low-Leakage, High-Performance Dynamic Partitioning SchemesProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582033(771-788)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3582016.3582033
Bleier JLindorfer MPolakis Jvan der Kouwe E(2023)Of Ahead Time: Evaluating Disassembly of Android Apps Compiled to Binary OATs Through the ARTProceedings of the 16th European Workshop on System Security10.1145/3578357.3591219(21-29)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3578357.3591219
Lin YWong JGao D(2023)FA3Proceedings of the 24th International Workshop on Mobile Computing Systems and Applications10.1145/3572864.3580338(74-80)Online publication date: 22-Feb-2023
https://dl.acm.org/doi/10.1145/3572864.3580338
Zhang XHeaps JSlavin RNiu JBreaux TWang X(2023)DAISY: Dynamic-Analysis-Induced Source Discovery for Sensitive DataACM Transactions on Software Engineering and Methodology10.1145/356993632:4(1-34)Online publication date: 27-May-2023
https://dl.acm.org/doi/10.1145/3569936
Kumar SMishra DPanda BShukla S(2023)InviSeal: A Stealthy Dynamic Analysis Framework for Android SystemsDigital Threats: Research and Practice10.1145/35675994:1(1-31)Online publication date: 31-Mar-2023
https://dl.acm.org/doi/10.1145/3567599
Sun CMa YZeng DTan GMa SWu Y(2023)μDep: Mutation-Based Dependency Generation for Precise Taint Analysis on Android Native CodeIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.315569320:2(1461-1475)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3155693
Guo JMeng ZZhang QXiong YHuang W(2023)MVVDroid: Android Malware Detection based on Multi-View Visualization2023 9th International Conference on Big Data Computing and Communications (BigCom)10.1109/BIGCOM61073.2023.00021(96-102)Online publication date: 4-Aug-2023
https://doi.org/10.1109/BIGCOM61073.2023.00021
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents