MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps
文献类型:期刊论文
| 作者 | Li, Wei2; Yang, Borui2; Ye, Hangyu2; Xiang, Liyao2; Tao, Qingxiao2; Wang, Xinbing2; Zhou, Chenghu1 |
| 刊名 | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
 |
| 出版日期 | 2024-07-01 |
| 卷号 | 21期号:4页码:2099-2114 |
| 关键词 | Privacy Social networking (online) Message services Data privacy Web and internet services Rendering (computer graphics) Codes Mobile applications mini apps privacy leakage |
| ISSN号 | 1545-5971 |
| DOI | 10.1109/TDSC.2023.3299945 |
| 英文摘要 | Running on host mobile applications, mini apps have gained increasing popularity these days for its convenience in installation and usage. However, being easy to use allows mini apps to freely access a large amount of user information, mostly without close inspection of privacy violations. Hence it becomes a crucial issue to automatically track sensitive flows in mini apps. Although flow analysis has been widely studied, unique challenges emerge: the analysis tool should not only handle mini app-specific features such as flows that interweave between rendering and logic, and asynchronous executions, but also deal with problems raised by Javascript development: the performance tradeoff between precision and efficiency, and function aliases. To this end, we propose MiniTracker, an automatic sensitive flow tracking tool which well handles mini app features, constructs assignment flow graphs as common representation across different host apps, searches function aliases, and analyzes the graph by property chains. We show our design choices achieve a sweet spot in the tradeoff between precision and efficiency, with superior performance compared to the state-of-the-art. We also perform a large-scale study on 150 k mini apps, which reveals the common leakage patterns and offers insights into the privacy threats of mini apps. |
| WOS关键词 | STATIC ANALYSIS ; PRIVACY |
| 资助项目 | NSF China[62272306] ; NSF China[62032020] ; NSF China[62136006] |
| WOS研究方向 | Computer Science |
| 语种 | 英语 |
| WOS记录号 | WOS:001270728400072 |
| 出版者 | IEEE COMPUTER SOC |
| 资助机构 | NSF China |
| 源URL | [http://ir.igsnrr.ac.cn/handle/311030/206981]  |
| 专题 | 资源与环境信息系统国家重点实验室_外文论文 |
| 通讯作者 | Xiang, Liyao |
| 作者单位 | 1.Chinese Acad Sci, Inst Geog Sci & Nat Resources Res, Beijing 100101, Peoples R China 2.Shanghai Jiao Tong Univ, Shanghai 200240, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Wei,Yang, Borui,Ye, Hangyu,et al. MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2024,21(4):2099-2114. |
| APA | Li, Wei.,Yang, Borui.,Ye, Hangyu.,Xiang, Liyao.,Tao, Qingxiao.,...&Zhou, Chenghu.(2024).MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps.IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,21(4),2099-2114. |
| MLA | Li, Wei,et al."MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps".IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 21.4(2024):2099-2114. |
入库方式: OAI收割
来源:地理科学与资源研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。