Paper Info
Title
AppCaulk: Data Leak Prevention by Injecting Targeted Taint Tracking into Android Apps
Abstract
As Android is entering the business domain, leaks of business-critical and personal information through apps become major threats. Due to the context-insensitive nature of the Android permission model, information flow policies cannot be enforced by on-board mechanisms. We therefore propose AppCaulk, an approach to harden any existing Android app by injecting a targeted dynamic taint analysis, which tracks and blocks unwanted information flows at runtime. Critical data flows are first discovered using a static taint analysis and the relevant data propagation paths are instrumented by a taint tracking code at register level. At runtime the dynamic taint analysis woven into the app detects and blocks data leaks as they are about to occur. In contrast to existing taint analysis approaches like Taint droid, AppCaulk does not require modification of the Android middleware and can thus be applied to any stock Android installation. In this paper, we explain the design of AppCaulk, describe the evaluation of its prototype, and compare its effectiveness with Taint droid.
Year
DOI
Venue
2014
10.1109/TrustCom.2014.48
TrustCom
Keywords
Field
DocType
android, information flow, taint analysis, instrumentation,middleware,registers,humanoid robots
Middleware,Information flow (information theory),Permission,Android app,Android (operating system),Computer science,Computer security,Taint checking,Business domain,Personally identifiable information,Operating system
Conference
ISSN
Citations 
PageRank 
2324-898X
5
0.50
References 
Authors
7
3
Name
Order
Citations
PageRank
Julian Schütte15814.61
Dennis Titze2183.46
J. M. De Fuentes350.50