Detection of Side Channel Attacks Based on Data Tainting in Android Systems

Graa, Mariem; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Lanet, Jean-Louis; Moussaileb, Routa

doi:10.1007/978-3-319-58469-0_14

Cited by 8 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Original data can be transformed, for example, by writing its content in a pixel bitmap. However, TaintDroid issues warning reports if tainted data is leaked by an application, even if it was transformed since the taint is propagated through these side channels [25]. A similar tool developed by Sun et al enables a multilevel information flow tracking by utilizing registers for taint storage, having only a 15% overhead on the CPU [44].…”

Section: Where To Find Sensitive Data and How To Track It?mentioning

confidence: 99%

See 1 more Smart Citation

Watch out! Doxware on the way…

Moussaileb

Navas

Cuppens

2020

Journal of Information Security and Applications

Self Cite

View full text Add to dashboard Cite

Malware remains the number one threat for individuals, enterprises, and governments. Malware's aftermath can cause irreversible casualties if the requirements of the attackers are not met in time. Security researchers' primary objective is protecting the assets that a person/company possesses. They are in a constant battle in this cyberwar facing attackers' malicious intent. To compete in this arms race against security breaches, we propose an insight into plausible attacks, especially Doxware (also called leakware). We present a quantification model that explores the Windows file system in search of valuable data. It is based on the Term Frequency-Inverse Document Frequency (TF-IDF) solution provided in the literature for information retrieval. The highest-ranked files will be then exfiltrated over the Internet to the attacker's server. Then, we studied possible countermeasures including deceptionbased techniques. Amongst the existent ones, we implemented and tested one based on honeypot files and folders to protect users' assets. We conclude by presenting future perspectives in this area with the possible counter-countermeasures that can be used by an attacker to bypass current detection mechanisms. Our approach delivers an observation of the evolution of malware throughout the last years. It enables users to prevent their sensitive information from being exposed to potential risks.

show abstract

Section: Where To Find Sensitive Data and How To Track It?mentioning

confidence: 99%

“…It presents an enhancement of TaintDroid formerly developed in terms of taint storage and resource consumption [17]. Considerable research is being conducted in this field as in [19,25,50,51].…”

Section: Where To Find Sensitive Data and How To Track It?mentioning

confidence: 99%