V-DIFT: Vector-Based Dynamic Information Flow Tracking with Application to Locating Cryptographic Keys for Reverse Engineering

Espinoza, Antonio M.; Knockel, Jeffrey; Comesana-Alfaro, Pedro; Crandall, Jedidiah R.

doi:10.1109/ares.2016.97

Cited by 6 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DIFT, also called Dynamic Taint Analysis (DTA), is used in a plethora of scenarios, to keep track of the information as it flows through a program's or system's execution: some inputs or data get tainted and then these taint marks (often called tags) propagate at the instruction or application level. Due to promising flexibility that DIFT offers, it has been considered for various privacy and security frameworks; not only within the IoT applet context [3], [1], but also computer and cellular environments [4], [5], [6], [2]. Specifically, in [3], the proposed DIFT keeps a single float number, usually called label, per taintable object, namely per variable, to dictate how secure it is in that applet.…”

Section: Introductionmentioning

confidence: 99%

DDIFT: Decentralized Dynamic Information Flow Tracking for IoT Privacy and Security

Sapountzis¹,

Sun²,

Oliveira³

2019

Proceedings 2019 Workshop on Decentralized IoT Systems and Security

View full text Add to dashboard Cite

By 2018, it is no secret to the global networking community: Internet of Things (IoT) devices, usually controlled by IoT applications and applets, have dominated human lives. It has been shown that popular applet platforms (including If This Then That (IFTTT)) are susceptible to attacks that try to exfiltrate private photos, leak user location, etc. As new attacks might show up very frequently, tracking them fast and in an efficient and scalable manner is a daunting task due to the limited (e.g., memory, energy) resources at the IoT/mobile device and the large network size. Towards that direction, in this paper we propose a decentralized Dynamic Information Flow Tracking (DDIFT) framework that overcomes these challenges, better adapts to the IoT context, and further, is able to illuminate IoT applet attacks. In doing so, we leverage the synergy between: (i) a dynamic information flow tracking module that considers the application of tags with different types along with provenance information and runs in the mobile device at a fast timescale, (ii) a forensics analysis module running in the cloud at a slow timescale, (iii) distributed optimization to optimize various functionalities of the above modules as well as their interaction. We show that our framework is able to detect IoT applet attacks with higher accuracy (on average 81% improvement for different URL upload attack scenarios) and decreases resource wastage (on average 71% less memory usage under different integrity attack scenarios) compared to traditional DIFT, opening new horizons for IoT privacy and security.

show abstract

Section: Introductionmentioning

confidence: 99%