NDroid: Towards Tracking Information Flows across Multiple Android Contexts

Lei Xue; Chenxiong Qian; Hao Zhou; Xiapu Luo; Yajin Zhou; Yuru Shao; Alvin T.S. Chan

doi:10.1109/TIFS.2018.2866347

NDroid: Towards Tracking Information Flows across Multiple Android Contexts

Lei Xue
, Chenxiong Qian
, Hao Zhou
, Xiapu Luo
, Yajin Zhou
, Yuru Shao
, Alvin T.S. Chan

Research output: Journal article publication › Journal article › Academic research › peer-review

Abstract

For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.

Original language	English
Pages (from-to)	814-828
Journal	IEEE Transactions on Information Forensics and Security
Volume	14
Issue number	3
DOIs	https://doi.org/10.1109/TIFS.2018.2866347
Publication status	Published - 21 Aug 2018

More information

10.1109/TIFS.2018.2866347

Cite this

@article{b78ff199445042419fc3583fa1d16d4f,

title = "NDroid: Towards Tracking Information Flows across Multiple Android Contexts",

abstract = "For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.",

author = "Lei Xue and Chenxiong Qian and Hao Zhou and Xiapu Luo and Yajin Zhou and Yuru Shao and Chan, \{Alvin T.S.\}",

year = "2018",

month = aug,

day = "21",

doi = "10.1109/TIFS.2018.2866347",

language = "English",

volume = "14",

pages = "814--828",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "IEEE",

number = "3",

}

TY - JOUR

T1 - NDroid: Towards Tracking Information Flows across Multiple Android Contexts

AU - Xue, Lei

AU - Qian, Chenxiong

AU - Zhou, Hao

AU - Luo, Xiapu

AU - Zhou, Yajin

AU - Shao, Yuru

AU - Chan, Alvin T.S.

PY - 2018/8/21

Y1 - 2018/8/21

N2 - For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.

AB - For performance and compatibility reasons, developers tend to use native code in their applications (or simply apps). This makes a bidirectional data flow through multiple contexts, i.e., the Java context and the native context, in Android apps. Unfortunately, this interaction brings serious challenges to existing dynamic analysis systems, which fail to capture the data flow across different contexts. In this paper, we first performed a large-scale study on apps using native code and reported some observations. Then, we identified several scenarios where data flow cannot be tracked by existing systems, leading to uncaught information leakage. Based on these insights, we designed and implemented NDroid, an efficient dynamic taint analysis system that could track the data flow between both Java context and native context. The evaluation of real apps demonstrated the effectiveness of NDroid in identifying information leakage with reasonable performance overhead.

U2 - 10.1109/TIFS.2018.2866347

DO - 10.1109/TIFS.2018.2866347

M3 - Journal article

SN - 1556-6013

VL - 14

SP - 814

EP - 828

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

IS - 3

ER -

NDroid: Towards Tracking Information Flows across Multiple Android Contexts

Abstract

More information

Fingerprint

Cite this