Practical Always-on Taint Tracking on Mobile Devices

Wednesday, May 20, 2015 - 11:30am-12:00pm
Authors: 

Justin Paupore, Earlence Fernandes, and Atul Prakash, University of Michigan; Sankardas Roy and Xinming Ou, Kansas State University

Abstract: 

Taint tracking is a crucial yet expensive security primitive. In the context of mobile devices, given the volume of sensitive data being generated and manipulated, taint tracking is an important aspect of defense in depth, yet is not widely adopted due to performance and energy constraints. Existing work has proposed several forms of optimization for desktop based systems – software only mechanisms, static analysis, hybrid analysis, and hardware-assisted techniques. This paper makes the case for an always-on taint tracking system for mobile devices that embraces the unique properties of mobile operating systems – interpreted runtimes, well-defined APIs, and an overlooked ARM processor feature. Our proposed system combines precise static analysis on Java code and real-time instruction trace support widely available on ARM processors to enable efficient taint tracking.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Paupore PDF
View the slides
BibTeX
@inproceedings {189938,
author = {Justin Paupore and Earlence Fernandes and Atul Prakash and Sankardas Roy and Xinming Ou},
title = {Practical Always-on Taint Tracking on Mobile Devices},
booktitle = {15th Workshop on Hot Topics in Operating Systems (HotOS {XV})},
year = {2015},
address = {Kartause Ittingen, Switzerland},
url = {https://www.usenix.org/conference/hotos15/workshop-program/presentation/paupore},
publisher = {{USENIX} Association},
}
Download