F. Berner, J. Sametinger: Information Disclosure Detection in Cyber-Physical Systems, IWCFS 2019 - 3rd International Workshop on Cyber-Security and Functional Safety in Cyber-Physical Systems, Linz, Austria, August 26-29, 2019, DOI: 10.1007/978-3-030-27684-3_12
The detection of information disclosure attacks, i. e. theunauthorized disclosure of sensitive data, is a dynamic research field.The disclosure of sensitive data can be detected by various static anddynamic security analysis methods. In the context of Android, dynamictaint-tracking systems like Taintdroid have turned out to be especiallypromising. Here we present a simulation environment, which is based onexisting dynamic taint-tracking systems. It extends these and changes theanalysis concept behind the taint-tracking system it uses. While tainttrackingis mainly used for mobile devices running Android, we postulatethe importance of detecting information disclosure in any cyber-physicalsystem. In this paper, we explore the detection of information disclosureby simulating devices and monitoring the information flows inside andamong the devices.