Skip to Main content Skip to Navigation
Conference papers

Detection of Side Channel Attacks Based on Data Tainting in Android Systems

Mariem Graa 1, 2 Nora Cuppens-Boulahia 1, 2 Frédéric Cuppens 1, 2 Jean-Louis Lanet 3 Routa Moussaileb 4 
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
3 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Malicious third-party applications can leak personal data stored in the Android system by exploiting side channels. TaintDroid uses a dynamic taint analysis mechanism to control the manipulation of private data by third-party apps [9]. However, TaintDroid does not propagate taint in side channels. An attacker can exploit this limitation to get private data. For example, Sarwar et al. [2] present side channel class of attacks using a medium that might be overlooked by the taint-checking mechanism to extract sensitive data in Android system. In this paper, we enhance the TaintDroid system and we propagate taint in side channels using formal policy rules. To evaluate the effectiveness of our approach, we analyzed 100 free Android applications. We found that these applications use different side channels to transfer sensitive data. We successfully detected that $$35\%$$35% of them leaked private information through side channels. Also, we detected Sarwar et al. [2] side channel attacks. Our approach generates $$9\%$$9% of false positives. The overhead given by our approach is acceptable in comparison to the one obtained by TaintDroid (9% overhead).
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 27, 2017 - 10:31:13 AM
Last modification on : Friday, August 5, 2022 - 2:54:52 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Mariem Graa, Nora Cuppens-Boulahia, Frédéric Cuppens, Jean-Louis Lanet, Routa Moussaileb. Detection of Side Channel Attacks Based on Data Tainting in Android Systems. SEC 2017 - 32th IFIP International Conference on ICT Systems Security and Privacy Protection, May 2017, Rome, Italy. pp.205-218, ⟨10.1007/978-3-319-58469-0_14⟩. ⟨hal-01648994⟩



Record views


Files downloads