Information Disclosure Detection in Cyber-Physical Systems

  • Fabian Berner
  • Johannes Sametinger
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1062)


The detection of information disclosure attacks, i.e. the unauthorized disclosure of sensitive data, is a dynamic research field. The disclosure of sensitive data can be detected by various static and dynamic security analysis methods. In the context of Android, dynamic taint-tracking systems like TaintDroid have turned out to be especially promising. Here we present a simulation environment that is based on existing dynamic taint-tracking systems. It extends these and changes the analysis concept behind the taint-tracking system it uses. While taint-tracking is mainly used for mobile devices running Android, we postulate the importance of detecting information disclosure in any cyber-physical system. In this paper, we explore the detection of information disclosure by simulating devices and monitoring the information flows inside and among the devices.


Information disclosure, Mobile computing, Taint-tracking



This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Business Informatics, LIT Secure and Correct Systems Lab, Johannes Kepler University Linz, Linz, Austria
