Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications

We introduce an enhanced information-flow analysis for tracking the amount of confidential data that is possibly released to third parties by a mobile application. The main novelty of our solution is that it can explicitly keep track of the footprint of data sources in the expressions formed and manipulated by the program, as well as of transformations over them, yielding a lazy approach with finer granularity, which may reduce false positives with respect to state-of-the-art information-flow analyses.
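The following toy tracker is an added illustration of the idea in the abstract, not the paper's formalism: every abstract value carries the footprint of the confidential sources it derives from, together with the chain of transformations applied to each, and a policy is only checked lazily at the sink. The source names, transformation names and policy are constructed for the example.

```python
"""Toy footprint-based information-flow tracker (illustration only, not the paper's semantics)."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Footprint:
    source: str               # confidential data source, e.g. "location" (constructed name)
    transforms: tuple = ()    # transformations applied to that source, oldest first

@dataclass
class Value:
    footprints: frozenset = field(default_factory=frozenset)

def source(name):
    """An expression that reads a confidential source directly."""
    return Value(frozenset({Footprint(name)}))

def const():
    """A literal: no confidential footprint at all."""
    return Value()

def apply(fn, *args):
    """A transforming operation extends the transformation chain of every footprint."""
    fps = {Footprint(fp.source, fp.transforms + (fn,)) for a in args for fp in a.footprints}
    return Value(frozenset(fps))

def concat(*args):
    """A data-preserving operation (e.g. string concatenation) merges footprints unchanged."""
    return Value(frozenset().union(*(a.footprints for a in args)))

# Constructed policy: which transformation suffices for a source to leave the device.
# An empty set means the source may never be released.
POLICY = {"location": {"coarsen"}, "contacts": set()}

def violations(value, policy=POLICY):
    """Footprints reaching a sink without an allowed transformation (checked lazily, at the sink)."""
    bad = [fp for fp in value.footprints
           if fp.source in policy and not (policy[fp.source] & set(fp.transforms))]
    return sorted(bad, key=lambda fp: fp.source)

def coarse_taint_flags(value, policy=POLICY):
    """Classic label-based taint: any confidential source reaching the sink is flagged."""
    return sorted({fp.source for fp in value.footprints if fp.source in policy})

def example_program():
    """Constructed app fragment: sends "weather for <city>" where city is coarsened location."""
    city = apply("coarsen", source("location"))
    return concat(const(), city)
```

On `example_program()` the label-based check still flags `location`, whereas the footprint-based check sees that the only path from `location` to the sink passes through `coarsen` and reports no violation.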
