Protection against Code Obfuscation Attacks based on control dependencies in Android Systems

International audienceIn Android systems, an attacker can obfuscate an application code to leak sensitive information. TaintDroid is an information flow tracking system that protects private data in smartphones. But, TainDroid cannot detect control flows. Thus, it can be circumvented by an obfuscated code attack based on control dependencies. In this paper, we present a collection of obfuscated code attacks on TaintDroid system. We propose a technical solution based on a hybrid approach that combines static and dynamic analysis. We formally specify our solution based on two propagation rules. Finally, we evaluate our approach and show that we can avoid the obfuscated code attacks based on control dependencies by using these propagation rules

Detection of illegal control flow in Android System: Protecting private data used by Smartphone Apps

International audienceToday, security is a requirement for smartphone operating systems that are used to store and handle sensitive information. How- ever, smartphone users usually download third-party applications that can leak personal data without user authorization. For this reason, the dynamic taint analysis mechanism is used to control the manipulation of private data by third-party apps [9]. But this technique does not detect control flows. In particular, untrusted applications can circumvent An- droid system and get privacy sensitive information through control flows. In this paper, we propose a hybrid approach that combines static and dynamic analysis to propagate taint along control dependencies in An- droid system. To evaluate the effectiveness of our approach, we analyse 27 free Android applications. We found that 14 of these applications use control flows to transfer sensitive data. We successfully detect that 8 of them leaked private information. Our approach creates 19% performance overhead that is due to the propagation of taint in the control flow. By using our approach, it becomes possible to detect leakage of personal data through control flows

fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality

International audienceRDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily localize and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy

Expression and deployment of reaction policies

International audienceCurrent prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms, including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly

A French Anonymization Experiment with Health Data

International audienceIn this paper, a case study about a microdata anonymization test is presented. The work has been made considering a French administrative health dataset with indirect identifiers and sensitive variables about hospital stays. Two approaches to build a k-anonymized file are described, and software used in the test are compared

Cover Story

International audienceCover story has been a controversial concept for the last 20 years. This concept was first introduced in 1991 in the SEAVIEW project [4] as an explanation for the polyinstantiation technique used in multilevel databases, i.e., databases which support a multilevel security policy. To illustrate the concept of polyinstantiation, consider the example of multilevel relational database that contains the relation EMPLOYEE as shown in Table 1. This relation stores the salary of each employee of some organization. The additional attribute called "Tuple_class" represents the classification level assigned to each tuple in relation EMPLOYEE. To get an access to this multilevel relation, each user receives a clearance level

Spécification et gestion des obligations pour le besoin de contrôle dusage (un aperçu)

National audienceLes modèles de contrôle daccès « classiques » permettent de spécifier si un sujet a lautorisation de réaliser une action sur un objet du SI. Éventuellement, une condition contextuelle peut être associée à lautorisation; cette condition doit être satisfaite avant que laction puisse être réalisée. Avec le développement dapplications telles que la gestion de droits électroniques (DRM, Digital Right Management), il faut être capable de spécifier des conditions qui doivent être satisfaites non seulement avant mais aussi pendant ou après quune action soit réalisée. Par exemple, un serveur permettant découter des morceaux de musique doit pouvoir spécifier que le paiement doit seffectuer avant, pendant ou bien après lécoute du morceau. Pour exprimer ce type de politique dautorisation, les modèles de contrôle daccès ne sont plus suffisants. Cest la raison pour laquelle des modèles de contrôle dusage commencent à être proposés. Dans cet article, nous montrons comment spécifier des exigences de contrôle dusage sous forme dobligations. Nous nous intéressons notamment aux obligations individuelles ainsi quaux obligations collectives sappliquant à un groupe dutilisateurs

Détection de flux de contrôle illégaux dans les Smartphones

National audienceLa sécurité dans les systèmes embarqués tels que les smartphones exige une protection des données privées manipulées par les applications tierces. Certains mécanismes utilisent des techniques d’analyse dynamique basées sur le « data-tainting » pour suivre les flux d’informationsdans le programme. Mais ces techniques ne peuvent pas détecter les flux de contrôles qui utilisent des instructions conditionnelles pour transférer implicitement les informations. En particulier, les applications malveillantes peuvent contourner le système Android et obtenir des informations sensibles à travers les flux de contrôles. Nous proposons une amélioration de l’analyse dynamique qui propage la teinte tout au long des dépendances de contrôles en utilisant les données fournies par l’analyse statique dans les systèmes Android. Notre approche réussit à détecter des attaques de contrôle de flux sur les smartphones

Multilevel Security Policies

International audienceExpanded into two volumes, the Second Edition of Springer's Encyclopedia of Cryptography and Security brings the latest and most comprehensive coverage of the topic: Definitive information on cryptography and information security from highly regarded researchers Effective tool for professionals in many fields and researchers of all levels Extensive resource with more than 700 contributions in Second Edition 5643 references, more than twice the number of references that appear in the First Edition With over 300 new entries, appearing in an A-Z format, the Encyclopedia of Cryptography and Security provides easy, intuitive access to information on all aspects of cryptography and security. As a critical enhancement to the First Edition's base of 464 entries, the information in the Encyclopedia is relevant for researchers and professionals alike. Topics for this comprehensive reference were elected, written, and peer-reviewed by a pool of distinguished researchers in the field. The Second Edition's editorial board now includes 34 scholars, which was expanded from 18 members in the First Edition. Representing the work of researchers from over 30 countries, the Encyclopedia is broad in scope, covering everything from authentication and identification to quantum cryptography and web security. The text's practical style is instructional, yet fosters investigation. Each area presents concepts, designs, and specific implementations. The highly-structured essays in this work include synonyms, a definition and discussion of the topic, bibliographies, and links to related literature. Extensive cross-references to other entries within the Encyclopedia support efficient, user-friendly searches for immediate access to relevant information. Key concepts presented in the Encyclopedia of Cryptography and Security include: Authentication and identification; Block ciphers and stream ciphers; Computational issues; Copy protection; Cryptanalysis and security; Cryptographic protocols; Electronic payment and digital certificates; Elliptic curve cryptography; Factorization algorithms and primality tests; Hash functions and MACs; Historical systems; Identity-based cryptography; Implementation aspects for smart cards and standards; Key management; Multiparty computations like voting schemes; Public key cryptography; Quantum cryptography; Secret sharing schemes; Sequences; Web Security. Topics covered: Data Structures, Cryptography and Information Theory; Data Encryption; Coding and Information Theory; Appl.Mathematics/Computational Methods of Engineering; Applications of Mathematics; Complexity. This authoritative reference will be published in two formats: print and online. The online edition features hyperlinks to cross-references, in addition to significant research

Formal Characterization of Illegal Control Flow in Android System

International audienceThe dynamic taint analysis mechanism is used to protect sensitive data in the Android system. But this technique does not detect control flows which can cause an under-tainting problem. This means that some values should be marked as tainted, but are not. The under-tainting problem can be the cause of a failure to detect a leak of sensitive information. To solve this problem, we use a set of formally defined rules that describes the taint propagation. We prove the completeness of these rules. Also, we provide a correct and complete algorithm based on these rules to solve the under-tainting problem