F. Berner, R. Mayrhofer, J. Sametinger: Dynamic Taint Tracking Simulation, in: Obaidat M. (eds) E-Business and Telecommunications, ICETE 2019, Communications in Computer and Information Science, Vol 1247, Springer, Cham., 2020 Doi: 10.1007/978-3-030-52686-3_9

Detection of unauthorized disclosure of sensitive data is still an open problem. Taint tracking is one effective approach to detect information disclosure attacks. In this paper, we give an overview of dynamic taint tracking systems for Android. First, we discuss systems and identify their shortcomings. The contribution of this paper is to present a novel solution for these shortcomings. For that purpose, we have developed a simulation concept and a prototype implementation. Special features are the possibility to record simulations and play them back automatically. By comparing the original simulation with a repeated simulation a changed security level can be detected.

Dynamic Taint Tracking Simulation