Name
Title | ||
|---|---|---|
Privacy oracle: a system for finding application leaks with black box differential testing |
Abstract | ||
|---|---|---|
We describe the design and implementation of Privacy Oracle, a system that reports on application leaks of user information via the network traffic that they send. Privacy Oracle treats each application as a black box, without access to either its internal structure or communication protocols. This means that it can be used over a broad range of applications and information leaks (i.e., not only Web traffic or credit card numbers). To accomplish this, we develop a differential testing technique in which perturbations in the application inputs are mapped to perturbations in the application outputs to discover likely leaks; we leverage alignment algorithms from computational biology to find high quality mappings between different byte-sequences efficiently. Privacy Oracle includes this technique and a virtual machine-based testing system. To evaluate it, we tested 26 popular applications, including system and file utilities, media players, and IM clients. We found that Privacy Oracle discovered many small and previously undisclosed information leaks. In several cases, these are leaks of directly identifying information that are regularly sent in the clear (without end-to-end encryption) and which could make users vulnerable to tracking by third parties or providers. |
Year | DOI | Venue |
|---|---|---|
2008 | 10.1145/1455770.1455806 | ACM Conference on Computer and Communications Security |
Keywords | Field | DocType |
privacy oracle,user information,web traffic,information leak,application input,undisclosed information leak,black box differential testing,application leak,virtual machine-based testing system,popular application,application output,sequence alignment,computational biology,virtual machine,black box testing,communication protocol | Black box (phreaking),Web traffic,Computer science,Computer security,Oracle,Credit card,White-box testing,User information,Encryption,Communications protocol | Conference |
Citations | PageRank | References |
41 | 4.27 | 12 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Jaeyeon Jung | 1 | 2507 | 172.63 |
| Anmol Sheth | 2 | 2231 | 145.03 |
| Ben Greenstein | 3 | 1166 | 88.42 |
| David Wetherall | 4 | 7819 | 683.44 |
| Gabriel Maganis | 5 | 98 | 8.05 |
| Tadayoshi Kohno | 6 | 4540 | 317.26 |