Abstract: Phones today carry sensitive information and have a great number of ways to communicate that data. As a result, malware that steals money or information, or simply disables functionality, has hit the app stores. Current security solutions for preventing undesirable data leaks are mostly high-overhead and have not been practical enough for smartphones. In this paper, we show that by monitoring only some instructions (memory loads and stores), it is possible to achieve low-overhead, highly accurate information flow tracking. Our method achieves 98% accuracy (0% false positives and 2% false negatives) on DroidBench and successfully caught seven real-world malware instances that steal the phone number, location, and device ID using SMS messages and HTTP connections.