Detection of Side Channel Attacks Based on Data Tainting in Android Systems - ICT Systems Security and Privacy Protection (SEC 2017)
Conference Papers Year : 2017

Detection of Side Channel Attacks Based on Data Tainting in Android Systems

Abstract

Malicious third-party applications can leak personal data stored in the Android system by exploiting side channels. TaintDroid uses a dynamic taint analysis mechanism to control the manipulation of private data by third-party apps [9]. However, TaintDroid does not propagate taint in side channels. An attacker can exploit this limitation to get private data. For example, Sarwar et al. [2] present side channel class of attacks using a medium that might be overlooked by the taint-checking mechanism to extract sensitive data in Android system. In this paper, we enhance the TaintDroid system and we propagate taint in side channels using formal policy rules. To evaluate the effectiveness of our approach, we analyzed 100 free Android applications. We found that these applications use different side channels to transfer sensitive data. We successfully detected that $$35\%$$35% of them leaked private information through side channels. Also, we detected Sarwar et al. [2] side channel attacks. Our approach generates $$9\%$$9% of false positives. The overhead given by our approach is acceptable in comparison to the one obtained by TaintDroid (9% overhead).
Fichier principal
Vignette du fichier
449885_1_En_14_Chapter.pdf (1.53 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01648994 , version 1 (27-11-2017)

Licence

Identifiers

Cite

Mariem Graa, Nora Cuppens-Boulahia, Frédéric Cuppens, Jean-Louis Lanet, Routa Moussaileb. Detection of Side Channel Attacks Based on Data Tainting in Android Systems. SEC 2017 - 32th IFIP International Conference on ICT Systems Security and Privacy Protection, May 2017, Rome, Italy. pp.205-218, ⟨10.1007/978-3-319-58469-0_14⟩. ⟨hal-01648994⟩
761 View
597 Download

Altmetric

Share

More