TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
暂无分享,去创建一个
Byung-Gon Chun | Patrick D. McDaniel | William Enck | Landon P. Cox | Anmol Sheth | Jaeyeon Jung | Peter Gilbert
[1] Landon P. Cox,et al. RedFlag: Reducing Inadvertent Leaks by Personal Machines , 2009 .
[2] Andrew Warfield,et al. Practical taint-based protection using demand emulation , 2006, EuroSys.
[3] Bei Yu,et al. TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).
[4] William Enck,et al. Preventing accidental data disclosure in modern operating systems , 2013, CCS.
[5] Ross J. Anderson,et al. Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.
[6] David M. Eyers,et al. DEFCON: High-Performance Event Processing with Information Security , 2010, USENIX Annual Technical Conference.
[7] Michael Franz,et al. Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).
[8] Donald E. Porter,et al. Laminar: practical fine-grained decentralized information flow control , 2009, PLDI '09.
[9] Tzi-cker Chiueh,et al. A General Dynamic Information Flow Tracking Framework for Security Applications , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).
[10] Landon P. Cox,et al. TightLip: Keeping Applications from Spilling the Beans , 2007, NSDI.
[11] Cheng Wang,et al. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).
[12] Patrick D. McDaniel,et al. On lightweight mobile phone application certification , 2009, CCS.
[13] Yang Tang,et al. CleanOS: Limiting Mobile Data Exposure with Idle Eviction , 2012, OSDI.
[14] Shashi Shekhar,et al. QUIRE: Lightweight Provenance for Smart Phone Operating Systems , 2011, USENIX Security Symposium.
[15] Dorothy E. Denning,et al. A lattice model of secure information flow , 1976, CACM.
[16] Jon G. Riecke,et al. The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.
[17] R. Sekar,et al. Efficient fine-grained binary instrumentationwith applications to taint-tracking , 2008, CGO '08.
[18] Andrew C. Myers,et al. JFlow: practical mostly-static information flow control , 1999, POPL '99.
[19] Hao Chen,et al. RetroSkeleton: retrofitting android apps , 2013, MobiSys '13.
[20] Yajin Zhou,et al. Taming Information-Stealing Smartphone Applications (on Android) , 2011, TRUST.
[21] Giovanni Vigna,et al. Using Labeling to Prevent Cross-Service Attacks Against Smart Phones , 2006, DIMVA.
[22] Yajin Zhou,et al. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.
[23] Christopher Krügel,et al. Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.
[24] Heng Yin,et al. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis , 2012, USENIX Security Symposium.
[25] Steven Hand,et al. Proceedings of the 25th Symposium on Operating Systems Principles , 2015, SOSP.
[26] Boniface Hicks,et al. From Languages to Systems: Understanding Practical Application Development in Security-typed Languages , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).
[27] Peter J. Denning,et al. Certification of programs for secure information flow , 1977, CACM.
[28] Miguel Castro,et al. Vigilante: end-to-end containment of internet worms , 2005, SOSP '05.
[29] Alessandro Orso,et al. WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation , 2008, IEEE Transactions on Software Engineering.
[30] Andrew C. Myers,et al. Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..
[31] Stephen McCamant,et al. Measuring channel capacity to distinguish undue influence , 2009, PLAS '09.
[32] Trent Jaeger,et al. Implicit Flows: Can't Live with 'Em, Can't Live without 'Em , 2008, ICISS.
[33] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.
[34] Stephen McCamant,et al. Quantitative information flow as network flow capacity , 2008, PLDI '08.
[35] Dawn Xiaodong Song,et al. TaintEraser: protecting sensitive data leaks using application-level taint tracking , 2011, OPSR.
[36] Apu Kapadia,et al. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones , 2011, NDSS.
[37] Ahmad-Reza Sadeghi,et al. XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks , 2011 .
[38] Tal Garfinkel,et al. Understanding data lifetime via whole system simulation , 2004 .
[39] David Brumley,et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.
[40] Alastair R. Beresford,et al. MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.
[41] Guilherme Ottoni,et al. RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).
[42] Swarat Chaudhuri,et al. A Study of Android Application Security , 2011, USENIX Security Symposium.
[43] Stephen Smalley,et al. Security Enhanced (SE) Android: Bringing Flexible MAC to Android , 2013, NDSS.
[44] David Wetherall,et al. Privacy oracle: a system for finding application leaks with black box differential testing , 2008, CCS.
[45] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.
[46] Helen J. Wang,et al. Permission Re-Delegation: Attacks and Defenses , 2011, USENIX Security Symposium.
[47] Xinwen Zhang,et al. Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.
[48] Ahmad-Reza Sadeghi,et al. Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.
[49] Alessandro Orso,et al. Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.
[50] Heng Yin,et al. Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.
[51] Heng Yin,et al. Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.
[52] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.
[53] Wouter Joosen,et al. Security-by-contract on the .NET platform , 2008, Inf. Secur. Tech. Rep..
[54] Sheng Liang,et al. Java Native Interface: Programmer's Guide and Specification , 1999 .
[55] Bi Wu,et al. SpanDex: Secure Password Tracking for Android , 2014, USENIX Security Symposium.
[56] Ninghui Li,et al. PRECIP: Towards Practical and Retrofittable Confidential Information Protection , 2008, NDSS.
[57] Stephen McCamant,et al. DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.
[58] Andrew C. Myers,et al. Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].
[59] Xuxian Jiang,et al. Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.
[60] Mauro Conti,et al. CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.
[61] Patrick D. McDaniel,et al. Semantically Rich Application-Centric Security in Android , 2009, 2009 Annual Computer Security Applications Conference.
[62] Dawn Song,et al. Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks , 2009 .
[63] Ahmad-Reza Sadeghi,et al. Practical and lightweight domain isolation on Android , 2011, SPSM '11.
[64] Jon Howell,et al. What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors , 2010 .
[65] Eddie Kohler,et al. Making information flow explicit in HiStar , 2006, OSDI '06.
[66] Frederic T. Chong,et al. Minos: Control Data Attack Prevention Orthogonal to Memory Model , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).
[67] Herbert Bos,et al. Pointless tainting?: evaluating the practicality of pointer tainting , 2009, EuroSys '09.
[68] Michael Franz,et al. Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).
[69] Xi Wang,et al. Improving application security with data flow assertions , 2009, SOSP '09.
[70] Byung-Gon Chun,et al. Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.
[71] Seungyeop Han,et al. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.
[72] Andrew S. Tanenbaum,et al. A Virtual Machine Based Information Flow Control System for Policy Enforcement , 2008, Electron. Notes Theor. Comput. Sci..
[73] Eddie Kohler,et al. Information flow control for standard OS abstractions , 2007, SOSP.
[74] David Zhang,et al. Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.