We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Reseach Article

Comnoid: Information Leakage Detection using Data Flow Analysis on Android Devices

by Sunita Dhavale, Bhushan Lokhande
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 134 - Number 7
Year of Publication: 2016
Authors: Sunita Dhavale, Bhushan Lokhande
10.5120/ijca2016907855

Sunita Dhavale, Bhushan Lokhande . Comnoid: Information Leakage Detection using Data Flow Analysis on Android Devices. International Journal of Computer Applications. 134, 7 ( January 2016), 15-20. DOI=10.5120/ijca2016907855

@article{ 10.5120/ijca2016907855,
author = { Sunita Dhavale, Bhushan Lokhande },
title = { Comnoid: Information Leakage Detection using Data Flow Analysis on Android Devices },
journal = { International Journal of Computer Applications },
issue_date = { January 2016 },
volume = { 134 },
number = { 7 },
month = { January },
year = { 2016 },
issn = { 0975-8887 },
pages = { 15-20 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume134/number7/23926-2016907855/ },
doi = { 10.5120/ijca2016907855 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:33:31.185383+05:30
%A Sunita Dhavale
%A Bhushan Lokhande
%T Comnoid: Information Leakage Detection using Data Flow Analysis on Android Devices
%J International Journal of Computer Applications
%@ 0975-8887
%V 134
%N 7
%P 15-20
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Security and privacy of Smartphone data are critical requirements in case of both personal as well as corporate environment. Hence, there is a need to come up with an effective solution in order to address data leakage issues in smartphones. Generally, taint analysis techniques are used for information flow tracking and data leakage detection purpose. Static Taint analysis techniques can detect the leakages that may not be exposed in runtime. Static analysis derives the information about program’s behaviour by inspecting the program’s code and discovering multiple paths of a program execution. In this work a static taint analysis tool Comnoid is proposed along with companion app ApkGrabber. Comnoid is based on open source tool FlowDroid and is capable of analyzing the inter app communication. Existing version of FlowDroid tool can provide precise static taint analysis but it lacks capability to analyze inter app communication between Android applications. Thus the aim of proposed scheme is to develop a tool to perform Static Taint analysis with inter app analysis which will take Android application APK files as an input and produce a data leakage report.

References
  1. Keith W. Miller, Jeffrey Voas, George F. Hurlburt, "BYOD: Security and Privacy Considerations", IT Professional (Volume:14,Issue:5), Sept.-Oct. 2012, pp.53-55.
  2. Antonio Scarfò, “New security perspectives around BYOD”, Seventh International Conference on Broadband”, Wireless Computing, Communication and Applications 2012
  3. International Data Corporation Press Release, http://www.idc.com/getdoc.jsp?containerId=prUS24257413, Aug. 07, 2013 [Oct. 24, 2013]
  4. Technology Research Gartner Inc, http://www.gartner.com/newsroom/id/2573415, Aug. 14, 2013 [Oct. 24, 2013]
  5. Android Security Overview, https://source.android.com/devices/tech/security/index.html [Oct. 24, 2013]
  6. Android Activity Lifecycle, http://developer.android.com/guide/components/activities.html [Oct. 24, 2013]
  7. Edward J. Schwartz, Thanassis Avgerinos, David Brumley, "All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)" SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy, pp.317-331
  8. William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth. "TaintDroid: An Information-Flow Tracking System for Real-time Privacy Monitoring on Smart phones" 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI' 10) 2010.
  9. Peter Hornyack, Seungyeop Han, Jaeyeon Jung, Stuart Schechter, and David Wetherall, "These Aren't the Droids You're Looking For", Retroffiting Android to Protect Data from Imperious Applications In Proc. of ACM CCS, October 2011
  10. Daniel Schreckling, Johannes Kostler, Matthias Schaff, “Kynoid: Real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android”, information security technical report 17, pp.71-80, 2013
  11. Zhemin Yang and Min Yang, “LeakMiner: Detect Information Leakage on Android with Static Taint Analysis”, In Software Engineering (WCSE), 2012 Third World Congress on, pp.101–104, 2012
  12. Zhibo Zhao and F.C.C. Osono, “Trustdroid: Preventing the use of smartphones for information leaking in corporate networks through the used of static analysis taint tracking”. In Malicious and Unwanted Software (MALWARE), 7th International Conference on, pages 135–143, 2012
  13. Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Jacques Klein, Alexandre Bartel, Yves le Traon, Damien Octeau, Patrick McDaniel, “Highly Precise Taint Analysis for Android Applications”, EC SPRIDE Technical Report. Nr. TUD-CS-2013-0113. May, 2013
  14. Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen, “AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale”, Proceeding TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing pp.291-307, 2012
  15. Jinyung Kim, Yongho Yoon, Kwangkeun Yi, Junbum Shin, “ScanDal: Static Analyzer for Detecting Privacy Leaks in Android Applications” MoST 2012: Mobile Security Technologies, May 2012
  16. Golam Sarwar (Babil), Olivier Mehani, Roksana Boreli, Mohamed-Ali Kaafar, “On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-based Devices”, SECRYPT, 10th International Conference on Security and Cryptography 2013
  17. Steven Arzt, Siegfried Rasthofer, and Eric Bodden. “SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks”. Technical report, EC SPRIDE Technical Report TUD-CS-2013-0114, 2013
  18. Thomas Reps, Susan Horwitz, and Mooly Sagiv. “Precise interprocedural dataflow analysis via graph Reachability”, In POPL ’95, pp.49–61, 1995
  19. Paladion. Insecurebank test app. http://www.paladion.net/downloadapp.html [Oct. 25, 2013]
  20. ANTLR, http://www.antlr.org/ [Oct. 25, 2013]
  21. Jasmin, http: //jasmin.sourceforge.net/guide.html [Oct.25, 2013]
  22. FlowDroid Now Supports Implicit Flows, http://sseblog.ec-spride.de/2013/10/flowdroid-implicit-flows/ Oct. 01, 2013 [Oct. 25, 2013]
  23. B Lokhande, S Dhavale, “Overview of information flow tracking techniques based on taint analysis for android”, International Conference on Computing for Sustainable Global Development (INDIACom), 5-7 March 2014, New Delhi, Publisher: IEEE, pp. 749 – 753, 2014
  24. http://developer.android.com/reference/android/app/ PendingIntent.html [Oct. 25, 2013]
  25. Erika Chin, Adrienne Porter Felt, Kate Greenwood and David Wagner, “Analyzing Inter-Application Communication in Android”, In the Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), Bethesda, MD, USA, June 28 - July 01, 2011
Index Terms

Computer Science
Information Sciences

Keywords

Android Operating System static and dynamic taint analysis data flow analysis Mobile Security