Dynamic Taint Tracking Simulation


Detection of unauthorized disclosure of sensitive data is still an open problem. Taint tracking is one effective approach to detect information disclosure attacks. In this paper, we give an overview of dynamic taint tracking systems for Android. First, we discuss systems and identify their shortcomings. The contribution of this paper is to present a novel solution for these shortcomings. For that purpose, we have developed a simulation concept and a prototype implementation. Special features are the possibility to record simulations and play them back automatically. By comparing the original simulation with a repeated simulation a changed security level can be detected.

Proc. ICETE 2019: E-Business and Telecommunications