COMP 3000 Essay 2 2010 Question 8: Difference between revisions
→Research problem: rough work; jotting out ideas |
No edit summary |
||
Line 42: | Line 42: | ||
* Effectiveness of analysis on a non-simulated platform | * Effectiveness of analysis on a non-simulated platform | ||
* Must be real-time and light-weight; the device has to remain "usable" in the eyes of the end user. | * Must be real-time and light-weight; the device has to remain "usable" in the eyes of the end user. | ||
Other Issues Due to Applications: | |||
*Applications are entrusted with several types of privacy sensitive information | |||
*Applications share information with each other | |||
<u>"Other Issues" important to mention as it leads to important design choices like Message level tracking etc.</u> | |||
Having created this system, the goal of the paper then turns to that of the misuse of identifying or private information stored on a smart phone. The researchers found that a large majority of the applications they tested were sharing information in ways that a user might not expect. The classic example is the wallpaper app that sends your phone number back to the developer. | Having created this system, the goal of the paper then turns to that of the misuse of identifying or private information stored on a smart phone. The researchers found that a large majority of the applications they tested were sharing information in ways that a user might not expect. The classic example is the wallpaper app that sends your phone number back to the developer. |
Revision as of 23:06, 22 November 2010
Paper
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Authors:
- William Enck, The Pennsylvania State University
- Peter Gilbert, Duke University
- Byung-Gon Chun, Intel Labs
- Landon P. Cox, Duke University
- Jaeyeon Jung, Intel Labs
- Patrick McDaniel, The Pennsylvania State University
- Anmol N. Sheth, Intel Labs
Official Website: http://www.appanalysis.org/
Direct Link to Paper: http://appanalysis.org/tdroid10.pdf
Video demonstration of TaintDroid in action: http://www.youtube.com/watch?v=qnLujX1Dw4Y
Background Concepts
Explain briefly the background concepts and ideas that your fellow classmates will need to know first in order to understand your assigned paper.
- Background on Information Flow Theory. Explicit and Implicit Flow.
- Background on the taint data tracking method, how it has been used in other systems (i.e. not phones)
- A reader's digest version of any new articles about this kind of security vulnerability on phones, on apps that collect more personal data than users would expect.
Research problem
note: the underlined headings are just for organizing thoughts! They should be removed before the due date!
What is the research problem being addressed by the paper?
Dynamic Taint Analysis has been around for a while (TODO when, where). The key contribution here is in producing an effective taint tracking system that can run in real-time on a device with serious constraints on performance and battery life, without impacting the end-user experience on the device too greatly.
Key issues with Dynamic Taint Analysis on a smart phone:
- Scarce system resources
- Effectiveness of analysis on a non-simulated platform
- Must be real-time and light-weight; the device has to remain "usable" in the eyes of the end user.
Other Issues Due to Applications:
- Applications are entrusted with several types of privacy sensitive information
- Applications share information with each other
"Other Issues" important to mention as it leads to important design choices like Message level tracking etc.
Having created this system, the goal of the paper then turns to that of the misuse of identifying or private information stored on a smart phone. The researchers found that a large majority of the applications they tested were sharing information in ways that a user might not expect. The classic example is the wallpaper app that sends your phone number back to the developer.
How does this problem relate to past related work?
Contribution
What are the research contribution(s) of this work? Specifically, what are the key research results, and what do they mean? (What was implemented? Why is it any better than what came before?)
Critique
What is good and not-so-good about this paper? You may discuss both the style and content; be sure to ground your discussion with specific references. Simple assertions that something is good or bad is not enough - you must explain why.
References
You will almost certainly have to refer to other resources; please cite these resources in the style of citation of the papers assigned (inlined numbered references). Place your bibliographic entries in this section.