Title :
Formal Characterization of Illegal Control Flow in Android System
Author :
Graa, Mariem ; Cuppens-Boulahia, Nora ; Cuppens, Frederic ; Cavalli, Ana
Author_Institution :
Telecom-Bretagne, Cesson-Sevigne, France
Abstract :
The dynamic taint analysis mechanism is used to protect sensitive data in the Android system. But this technique does not detect control flows which can cause an under-tainting problem. This means that some values should be marked as tainted, but are not. The under-tainting problem can be the cause of a failure to detect a leak of sensitive information. To solve this problem, we use a set of formally defined rules that describes the taint propagation. We prove the completeness of these rules. Also, we provide a correct and complete algorithm based on these rules to solve the under-tainting problem.
Keywords :
Android (operating system); data privacy; failure analysis; security of data; system monitoring; Android system; dynamic taint analysis mechanism; failure; formal characterization; illegal control flow; leak detection; sensitive data protection; taint propagation; under-tainting problem; Algorithm design and analysis; Connectors; Context; Heuristic algorithms; Security; Smart phones; android system; complete algorithm; control flows; dynamic taint analysis; formal rules; under-tainting;
Conference_Titel :
Signal-Image Technology & Internet-Based Systems (SITIS), 2013 International Conference on
Conference_Location :
Kyoto
DOI :
10.1109/SITIS.2013.56
