DROIT+: Taint tracking for storage access on android

Chia Wei Hsu, Chia Huei Chang, Chi Wei Wang*, Shiuhpyng Shieh

*Corresponding author for this work

Research output: Contribution to journalArticle

Abstract

The leakage of sensitive data has been a major concern in Android ecosystem. Analysts therefore propose dynamical taint tracking to effectively track the data flow of accessed data. However, the off-the-shelf taint tracking systems lack byte-granularity support for storage tracking. In this paper, we propose DROIT+ which uses the fine-grained storage tracking technique to track data flow among Android storages. DROIT+ is able to reveal the composition of data flows. Storage tracking on Android is difficult since data flows of apps may span heterogeneous media including memory, SD cards, NAND Flash, and network adapters. To capture a whole picture of data flows in storage, we formally define data flow and propose our method from both logical and physical perspectives. The method has also been implemented as an extension to the proposed tracking system, DROIT. Two case studies and two benchmark tools are used for the evaluation in terms of storage tracking ability, network tracking ability, and efficiency, respectively. The result shows that DROIT+ provides a better coverage using byte-granularity taint tracking.

Original languageEnglish
Pages (from-to)1237-1254
Number of pages18
JournalJournal of Information Science and Engineering
Volume33
Issue number5
DOIs
StatePublished - 1 Sep 2017

Keywords

  • Android
  • File system
  • Information flow
  • Mobile security
  • Taint tracking

Fingerprint Dive into the research topics of 'DROIT+: Taint tracking for storage access on android'. Together they form a unique fingerprint.

  • Cite this