Privacy Scope: A Precise Information Flow Tracking System For Finding Application Leaks

Yu Zhu and Jaeyeon Jung and Dawn Song and Tadayoshi Kohno and David Wetherall

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2009-145

October 27, 2009

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-145.pdf

We present Privacy Scope, a new system that tracks the movement of sensitive user data as it flows through off-the-shelf applications. Privacy Scope uses application-level dynamic taint analysis, implemented with dynamic binary translation tools, to let users run applications in their own environment while pinpointing information leaks, even when the sensitive data is encrypted. The system is made possible by techniques we developed for accurate and efficient tainting. Semantic-aware instruction-level tainting handles special cases and is critical to avoid taint explosion or loss. Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. On-demand instrumentation enables fast loading of large applications.

Together, these techniques let us run on large, multi-threaded, networked applications and precisely track where information goes. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, Privacy Scope generated no false positives and instrumented fewer than 5% of the executed instructions.

BibTeX citation:

@techreport{Zhu:EECS-2009-145,
    Author= {Zhu, Yu and Jung, Jaeyeon and Song, Dawn and Kohno, Tadayoshi and Wetherall, David},
    Title= {Privacy Scope: A Precise Information Flow Tracking System  For Finding Application Leaks},
    Year= {2009},
    Month= {Oct},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-145.html},
    Number= {UCB/EECS-2009-145},
    Abstract= {We present Privacy Scope, a new system that tracks the movement of sensitive user data as it flows through off-the-shelf applications. Privacy Scope uses application-level dynamic taint analysis, implemented with dynamic binary translation tools, to let users run applications in their own environment while pinpointing information leaks, even when the sensitive data is encrypted. The system is made possible by techniques we developed for accurate and efficient tainting. Semantic-aware instruction-level tainting handles special cases and is critical to avoid taint explosion or loss. Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. On-demand instrumentation enables fast loading of large applications.

Together, these techniques let us run on large, multi-threaded, networked applications and precisely track where information goes. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, Privacy Scope generated no false positives and instrumented fewer than 5% of the executed instructions.},
}

EndNote citation:

%0 Report
%A Zhu, Yu 
%A Jung, Jaeyeon 
%A Song, Dawn 
%A Kohno, Tadayoshi 
%A Wetherall, David 
%T Privacy Scope: A Precise Information Flow Tracking System  For Finding Application Leaks
%I EECS Department, University of California, Berkeley
%D 2009
%8 October 27
%@ UCB/EECS-2009-145
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-145.html
%F Zhu:EECS-2009-145