Fine-Grained Binary Analysis Method for Privacy Leakage Detection on the Cloud Platform

Nowadays cloud architecture is widely applied on the internet.New malware aiming at the privacy data stealing or crypto currency mining is threatening the security of cloud platforms.In view of the problems with existing application behavior monitoring methods such as coarse-grained analysis,high performance overhead and lack of applicability,this paper proposes a new fine-grained binary program monitoring and analysis method based on multiple system level components,which is used to detect the possible privacy leakage of applications installed on cloud platforms.It can be used online in cloud platform environments for fine-grained automated analysis of target programs,ensuring the stability and continuity of program execution.We combine the external interception and internal instrumentation and design a variety of optimization schemes to further reduce the impact of fine-grained analysis on the performance of target programs,enabling it to be employed in actual environments.The experimental results show that the proposed method is feasible and can achieve the acceptable analysis performance while consuming a small amount of system resources.The optimization schemes can go beyond traditional dynamic instrumentation methods with better analytical performance and can be more applicable to online analysis on cloud platforms.

A survey of privacy protection techniques for mobile devices

Modern mobile devices provide a wide variety of services.Users are able to access these services for many sensitive tasks relating to their everyday lives(e.g.,finance,home,or contacts).However,these services also provide new attack surfaces to attackers.Many efforts have been devoted to protecting mobile users from privacy leakage.In this work,we study state-of-the-art techniques for the detection and protection of privacy leakage and discuss the evolving trends of privacy research.

TPII:tracking personally identifiable information via user behaviors in HTTP traffic

It is widely common that mobile applications collect non-critical personally identifiable information(PII)from users'devices to the cloud by application service providers(ASPs)in a positive manner to provide precise and recommending services.Meanwhile,Internet service providers(ISPs)or local network providers also have strong requirements to collect PIIs for finer-grained traffic control and security services.However,it is a challenge to locate PIIs accurately in the massive data of network traffic just like looking a needle in a haystack.In this paper,we address this challenge by presenting an efficient and light-weight approach,namely TPII,which can locate and track PIIs from the HTTP layer rebuilt from raw network traffics.This approach only collects three features from HTTP fields as users'behaviors and then establishes a tree-based decision model to dig PIIs efficiently and accurately.Without any priori knowledge,TPII can identify any types of PIIs from any mobile applications,which has a broad vision of applications.We evaluate the proposed approach on a real dataset collected from a campus network with more than 13k users.The experimental results show that the precision and recall of TPII are 91.72%and 94.51%respectively and a parallel implementation of TPII can achieve 213 million records digging and labelling within one hour,reaching near to support 1Gbps wirespeed inspection in practice.Our approach provides network service providers a practical way to collect PIIs for better services.

DroidEcho:an in-depth dissection of malicious behaviors in Android applications

A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency.However,it is still far from expectation to describe attacks precisely on the Android platform.In addition,new features on Android,such as communication mechanisms,introduce new challenges and difficulties for attack detection.In this paper,we propose abstract attack models to precisely capture the semantics of various Android attacks,which include the corresponding targets,involved behaviors as well as their execution dependency.Meanwhile,we construct a novel graph-based model called the inter-component communication graph(ICCG)to describe the internal control flows and inter-component communications of applications.The models take into account more communication channel with a maximized preservation of their program logics.With the guidance of the attack models,we propose a static searching approach to detect attacks hidden in ICCG.To reduce false positive rate,we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms.Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.