Show simple item record

dc.contributor.authorKruger, Louisen_US
dc.contributor.authorWang, Haoen_US
dc.contributor.authorJha, Someshen_US
dc.description.abstractMalicious code can wreak havoc on our cyberinfrastructure. Hence, discovering and containing malicious code is an important goal. This paper focuses on privacy-violating malicious code. Examples of privacy violations are leaking private user data to an external entity or downloading data to a user's host without their permission. Spyware, which has recently received considerable attention in the popular literature is an important example of privacy-violating malicious code. We propose a multi-step approach to discovering and containing privacy violations. We have designed and implemented a dynamic slicing tool to discover dependencies between events in an execution trace. We demonstrate that dynamic slicing can be used to discover privacy violations. Information gatbered using dynamic slicing can be used to construct security policies to contain the discovered privacy violations. These security policies are then enforced by a sandbox. We have implemented a sandbox for Windows, and have successfully evaluated our approach on two applications: KaZaa and RealOne Player. For both of these applications we were able to discover privacy violations in them using our dynamic-slicing tool. Moreover, using information gathered through dynamic slicing we were able to design policies to thwart these privacy violations. Although our preliminary evaluation was performed on spyware, in the future we will evaluate our approach on other privacy violating malicious code.en_US
dc.publisherUniversity of Wisconsin-Madison Department of Computer Sciencesen_US
dc.titleTowards Discovering and Containing Privacy Violations in Softwareen_US
dc.typeTechnical Reporten_US

Files in this item


This item appears in the following Collection(s)

  • CS Technical Reports
    Technical Reports Archive for the Department of Computer Sciences at the University of Wisconsin-Madison

Show simple item record