Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Security in embedded systems such as smartphones requires protection of confidential data and applications. Many of security mechanisms use dynamic taint analysis techniques for tracking information flow in software. But these techniques cannot detect control flows that use conditionals to implicitly transfer information from objects to other objects. In particular, malicious applications can bypass Android system and get privacy sensitive information through control flows. We propose an enhancement of dynamic taint analysis that propagates taint along control dependencies by using the static analysis in embedded system such as Google Android operating system. By using this new approach, it becomes possible to protect sensitive information and detect most types of software exploits without reporting too many false positives.

[1]  Zhenkai Liang,et al.  BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[2]  Andrew S. Tanenbaum,et al.  A Virtual Machine Based Information Flow Control System for Policy Enforcement , 2008, Electron. Notes Theor. Comput. Sci..

[3]  William Landi,et al.  Undecidability of static analysis , 1992, LOPL.

[4]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[5]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[6]  David Thomas,et al.  Programming Ruby: the pragmatic programmer's guide , 2000 .

[7]  EvansDavid,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002 .

[8]  Thomas F. Knight,et al.  A Minimal Trusted Computing Base for Dynamically Ensuring Secure Information Flow , 2001 .

[9]  Jeffrey S. Fenton Information Protection Systems , 1973 .

[10]  Gary McGraw,et al.  Static Analysis for Security , 2004, IEEE Secur. Priv..

[11]  Cheng Wang,et al.  LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[12]  David Evans,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[13]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[14]  Valérie Viet Triem Tong,et al.  Blare Tools: A Policy-Based Intrusion Detection System Automatically Set by the Security Policy , 2009, RAID.

[15]  Dorothy E. Denning,et al.  Secure information flow in computer systems. , 1975 .

[16]  Larry Wall,et al.  Programming Perl , 1991 .

[17]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[18]  James Newsom,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Network and Distributed System Security Symposium Conference Proceedings : 2005 , 2005 .

[19]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[20]  Stephen McCamant,et al.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.

[21]  Trent Jaeger,et al.  Using CQUAL for Static Analysis of Authorization Hook Placement , 2002, USENIX Security Symposium.

[22]  Chris I. Dalton,et al.  Dynamic label binding at run-time , 2003, NSPW '03.

[23]  Michael Franz,et al.  Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[24]  Colin J. Fidge,et al.  A taint marking approach to confidentiality violation detection , 2012, AISC.

[25]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[26]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[27]  Harry J. Saal,et al.  Memoryless execution: A programmer's viewpoint , 1976, Softw. Pract. Exp..

[28]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[29]  Nicholas Nethercote,et al.  Valgrind: A Program Supervision Framework , 2003, RV@CAV.

[30]  Bei Yu,et al.  TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).