DOI: 10.1145/3193111.3193114

PIITracker: Automatic Tracking of Personally Identifiable Information in Windows

Published: 23 April 2018

Abstract

Personally Identifiable Information (PII) is information that can be used on its own or with other information to distinguish or trace an individual's identity. To determine what an application does with PII, a reverse engineer has to put considerable effort into reverse engineering the application. To automate this process and save reverse engineers substantial time and effort, we propose PIITracker, a novel tool that tracks PII automatically and captures whether any process sends PII over the network. This is made possible by (1) whole-system dynamic information flow tracking and (2) monitoring specific function and system calls. We analyzed 15 popular chat applications and browsers using PIITracker and determined that 12 of these applications collect some form of PII.

Cited By

  • (2024) Use & Abuse of Personal Information, Part II: Robust Generation of Fake IDs for Privacy Experimentation. Journal of Cybersecurity and Privacy 4:3 (546-571). DOI: 10.3390/jcp4030026. Online publication date: 11-Aug-2024
  • (2023) Personalized Privacy Assistant: Identity Construction and Privacy in the Internet of Things. Entropy 25:5 (717). DOI: 10.3390/e25050717. Online publication date: 26-Apr-2023
  • (2019) Mitigating Threats in a Corporate Network with a Taintcheck-Enabled Honeypot. Information Science and Applications (73-83). DOI: 10.1007/978-981-15-1465-4_8. Online publication date: 19-Dec-2019

    Published In

    EuroSec'18: Proceedings of the 11th European Workshop on Systems Security
    April 2018
    53 pages
    ISBN:9781450356527
    DOI:10.1145/3193111
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Dynamic Information Flow Tracking
    2. Privacy
    3. Reverse Engineering

    Qualifiers

    • Demonstration
    • Research
    • Refereed limited

    Funding Sources

    • U.S. National Science Foundation
    • NSF

    Conference

    EuroSys '18
    EuroSys '18: Thirteenth EuroSys Conference 2018
    April 23 - 26, 2018
    Porto, Portugal

    Acceptance Rates

    EuroSec'18 Paper Acceptance Rate 8 of 19 submissions, 42%;
    Overall Acceptance Rate 47 of 113 submissions, 42%

    Article Metrics

    • Downloads (Last 12 months): 152
    • Downloads (Last 6 weeks): 24
    Reflects downloads up to 23 Dec 2024
