Dynamic taint analysis – a program analysis technique that checks whether information flows between particular source and sink locations in the program, has numerous applications in security, program comprehension, and software testing. Specifically, in mobile software, taint analysis is often used to determine whether mobile apps contain stealthy behaviors that leak user-sensitive information to unauthorized third-party servers. While a number of dynamic taint analysis techniques for Android software have been recently proposed, none of them is able to report the complete information propagation path, only reporting flow endpoints, i.e., sources and sinks of the detected information flows. This design optimizes for runtime performance and allows the techniques to run efficiently on a mobile device. Yet, it impedes the applicability and usefulness of the techniques: an analyst using the tool would need to manually identify information propagation paths, e.g., to determine whether appropriate sanitization occurred before the information is released, which is a challenging task in large real-world applications.
In this paper, we address this problem by proposing a dynamic taint analysis technique that reports accurate taint propagation paths. We implement it in a tool, ViaLin, and evaluate it on a set of existing benchmark applications and on 16 large Android applications from the Google Play store. Our evaluation shows that ViaLin accurately detects taint flow paths and, at the same time, is able to run on a mobile device with a relatively low time and memory overhead.
Thu 7 DecDisplayed time zone: Pacific Time (US & Canada) change
14:00 - 15:30 | Security IIResearch Papers / Journal First at Golden Gate C3 Chair(s): Caroline Lemieux University of British Columbia | ||
14:00 15mTalk | Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors Research Papers Ruoxi Sun CSIRO's Data61, Jason Minhui Xue CSIRO’s Data61, Gareth Tyson Hong Kong University of Science and Technology, Tian Dong Shanghai Jiao Tong University, Shaofeng Li Shanghai Jiao Tong University, Shuo Wang CSIRO's Data61, Haojin Zhu Shanghai Jiao Tong University, Seyit Camtepe CSIRO Data61, Surya Nepal CSIRO’s Data61 Media Attached | ||
14:15 15mTalk | Security Misconfigurations in Open Source Kubernetes Manifests: An Empirical Study Journal First Akond Rahman Auburn University, USA, Shazibul Islam Shamim Auburn University, Dibyendu Brinto Bose Virginia Tech, Rahul Pandita GitHub, Inc. Media Attached | ||
14:30 15mTalk | Crystallizer: A Hybrid Path Analysis Framework To Aid in Uncovering Deserialization Vulnerabilities Research Papers Prashast Srivastava Columbia University, USA, Flavio Toffalini EPFL, Kostyantyn Vorobyov Oracle Labs, Australia, François Gauthier Oracle Labs, Antonio Bianchi Purdue University, Mathias Payer EPFL Media Attached | ||
14:45 15mTalk | Neural Transfer Learning for Repairing Security Vulnerabilities in C Code Journal First Zimin Chen KTH Royal Institute of Technology, Steve Kommrusch Leela AI, Martin Monperrus KTH Royal Institute of Technology Media Attached | ||
15:00 15mTalk | ViaLin: Path-Aware Dynamic Taint Analysis for Android Research Papers Khaled Ahmed University of British Columbia (UBC), Yingying Wang University of British Columbia, Mieszko Lis The University of British Columbia, Canada, Julia Rubin University of British Columbia, Canada Media Attached | ||
15:15 15mTalk | [Remote] Distinguishing Look-Alike Innocent and Vulnerable Code by Subtle Semantic Representation Learning and Explanation Research Papers Chao Ni School of Software Technology, Zhejiang University, Xin Yin The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Kaiwen Yang College of Computer Science and Technology, Zhejiang University, Dehai Zhao Australian National University, Australia, Zhenchang Xing Data61, Xin Xia Huawei Technologies Media Attached | ||