piitracker automatic tracking of personally identifiable
play

PIITracker: Automatic Tracking of Personally Identifiable - PowerPoint PPT Presentation

Feb 03, 2023 •179 likes •380 views

PIITracker: Automatic Tracking of Personally Identifiable Information in Windows Meisam Navaki Arefi (mnavaki@unm.edu) Geoffrey Alexander Jedidiah R. Crandall What is PII? Personally Identifiable Information (PII) is information that can

  1. PIITracker: Automatic Tracking of Personally Identifiable Information in Windows Meisam Navaki Arefi (mnavaki@unm.edu) Geoffrey Alexander Jedidiah R. Crandall

  2. What is PII?  Personally Identifiable Information (PII) is information that can be used to distinguish or trace an individual’s identity.  Examples of PII:  Name, Address, Phone number, SSN.  MAC Address, Hard drive serial number, IP address. 2

  3. PII Tracking  Needs considerable effort to reverse engineer an application.  To automate PII Tracking process and save reverse engineers substantial time and effort, we propose PIITracker . 3

  4. Motivation  Applications that send PII over the network pose a threat to user privacy and anonymity.  No other tools track PII in an automatic fashion specifically for Windows. 4

  5. Background - DIFT  Dynamic information flow tracking (DIFT) , aka Dynamic Taint Analysis, is a promising technology for making systems transparent. 5

  6. Our Approach  PIITracker is based on Dynamic Information Flow Tracking (DIFT).  PIITracker : 1. Monitors reading PII (by monitoring specific function and system calls). 2. Taint PII with unique tags and track them (using taint2 plugin in PANDA). 3. Monitors out-going network traffic for tainted bytes (i.e. PII). 6

  7. PII Data points  The PII that we have investigated in this paper are:  MAC address  Hard drive serial number  Hard drive model name  Volume serial number  Host name  Computer name  Security identifier number (SID)  CPU model  Windows version and build 7

  8. System Architecture  PIITracker is implemented as a plugin to PANDA whole-system dynamic analysis framework.  Supports Windows 7 as the guest OS.  Runs on top of Linux as the host OS. 8

  9. System Architecture  PIITracker interacts with other plugins:  Taint2: whole-system taint analysis engine  Syscalls2: Callbacks whenever system calls invoked  OSI/Win7x86intro: Callbacks whenever process-related events happen. 9

  10. Placing Hooks  PIITracker utilizes Windows API function calls and system calls as hooks.  Once a specific function or system call occurs, we get the memory address of the desired argument, and taint that memory location using the taint2 plugin API. 10

  11. Placing Hooks  List of functions used to place hooks for each PII data point. 11

  12. Query  To monitor the outgoing network traffic, PIITracker uses the NtDeviceIoControlFile system call.  We query the memory address of every byte in the outgoing network traffic to determine if it has any tags. 12

  13. Results: Analyzing Popular Windows Applications  We have investigated 15 popular Windows applications, mostly chat applications and web browsers.  We determined that 12 of these applications collect some form of PII, meaning that they send PII over the network. 13

  14. Results: Analyzing Popular Windows Applications 14

  15. Results: Analyzing Popular Windows Applications  The chat applications that we could not find any serious PII-related privacy issues were Telegram and Viber .  All Chinese chat and web browser applications that we investigated collect some form of PII.  Firefox and Chromimum also collect some form of PII. 15

  16. False Positive and False Negative Analysis  Comparison with previous works.  Using PIITracker, we could verify the results of other researchers.  Evaluating PIITracker via our own developed test applications.  Worked as expected. 16

  17. Performance Evaluation  Whole-system information flow tracking is intrinsically heavyweight.  Performance has not been a priority for PIITracker.  PIITracker exhibited a 67X slowdown on average compared to PANDA replay. 17

  18. Related Works  TaintDroid  Detects data leakage of Android applications.  TaintEraser  Detects leakage of sensitive data such as password and credit card numbers in Windows.  Requires users to manually specify what actually is a password or credit card number.  None of them are able to track PII in an automatic way in Windows. 18

  19. Conclusions  Presented PIITracker, a novel tool for tracking personally identifiable information (PII) in Windows.  Analyzed 15 popular Windows applications  Majority of these applications collect some form of PII.  PIITracker:  Saves reverse engineers substantial time and effort in practice.  Provides valuable information including the relevant memory addresses of leaked PII, as well as network socket info.  PIITracker is available for public download  https://github.com/mnavaki/PIITracker 19

  20. Thank you!  Contact: Meisam Navaki Arefi  mnavaki@unm.edu  Download PIITracker:  https://github.com/mnavaki/PIITracker 20

Recommend

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student

FERPA Family Educational Rights and Privacy Act General Rule, Personally Identifiable Student records are confidential and must not be disclosed without consent When is student data personally identifiable? Contains directly

251 views • 4 slides
Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing

Presenting a live 90-minute webinar with interactive Q&A Growing Class Action Threat: Breaches of Consumer Personally Identifiable Information Minimizing Litigation Risk and Maximizing Insurance Coverage TUESDAY, MARCH 18, 2014 1pm Eastern

682 views • 49 slides
On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander

On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander

On the Leakage of Personally Identifiable Information Via Online Social Networks Balachander Krishnamurthy, AT&T Labs Research Craig E. Wills, Worcester Polytechnic Institute ACM SIGCOMM Workshop on Online Social Networks Barcelona,

594 views • 15 slides
Protecting Personally Identifiable Information Audio is available only by conference call. Please

Protecting Personally Identifiable Information Audio is available only by conference call. Please

Protecting Personally Identifiable Information Audio is available only by conference call. Please call: (800) 700-7784 Participant Access Code: 365268 to join the conference call portion of the webinar (date) Webinar Logistics: Audio is

1.04k views • 37 slides
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program August 12, 2014 1 Protecting

590 views • 43 slides
Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander

Knockin on Trackers Door: Large-Scale Automatic Analysis of Web Tracking Iskander Sanchez-Rola, Igor Santos Web Tracking It is a common practice to gather user browsing data . Web Tracking Recent studies provided a better understanding of

568 views • 24 slides
The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not

The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not

Official-Steve-Norman SteveNormanReal Stevenormanofficial The 80s. Loved by so many. Not only by the ones that personally The 80s. Loved by so many. Not only by the ones that personally witnessed this

172 views • 6 slides
An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization Automatic Tracking and Activity Visualization marco riccardi Italian Chapter - The Honeynet Project marco cremonini

393 views • 36 slides
Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV

Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV

Automatic and Efficient Long Term Arm and Hand Tracking for Continuous Sign Language TV Broadcasts Tomas Pfister 1 , James Charles 2 , Mark Everingham 2 , Andrew Zisserman 1 1 Visual Geometry Group 2 School of

495 views • 27 slides
The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin

The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin

The Automatic Detection and Tracking of Interplanetary Coronal Mass Ejections (ICMEs) By Robin Thompson Supervised by Dr Tim Howard, SwRI What is a CME? An eruption of Leading Edge plasma and Cavity Filament magnetic field from the

325 views • 31 slides
Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using

Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using

Easy Tracker EasyTracker: Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones Presentation: Rafa Hryciuk Department of Computer Science University of Illinois at Chicago: James Biagioni, Tomas Gerlich, Timothy

935 views • 36 slides
EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones

EasyTracker Automatic Transit Tracking, Mapping, and Arrival Time Prediction Using Smartphones James Biagioni, Tomas Gerlich, Timothy Merrifield and Jakob Eriksson We love bus trackers! slide 2 Winter in Chicago slide 3 Our shuttle web

4.98k views • 94 slides
NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ

NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ

Proceedings on Privacy Enhancing Technologies ; 2020 (2):4566 Anastasia Shuba* and Athina Markopoulou NoMoATS: Towards Automatic Detection of Mobile Tracking Abstract: Todays mobile apps employ third-party ad- 1 Introduction vertising and

373 views • 22 slides
Key Topics Related to Grant Accountability and Monitoring

Key Topics Related to Grant Accountability and Monitoring

Key Topics Related to Grant Accountability and Monitoring _____________________________________________________ 21 st Century Fall Project Directors Workshop October 2019 1 Grant Monitoring Points of Emphasis Personally Identifiable

419 views • 28 slides
The Automatic Library Tracking Database Mark Fahey National Institute for Computational

The Automatic Library Tracking Database Mark Fahey National Institute for Computational

The Automatic Library Tracking Database Mark Fahey National Institute for Computational Sciences Scientific Computing Group Lead May 24, 2010 Cray User Group May 24-27, 2010 Contributors Ryan Blake Hitchcock Patrick Lu Nick

559 views • 25 slides
De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft

De-anonymizing D4D Datasets Kumar Sharad 1 George Danezis 2 1 University of Cambridge 2 Microsoft Research July 12, 2013 6th Workshop on Hot Topics in Privacy Enhancing Technologies 2013, Bloomington, Indiana, USA Can Personally Identifiable

668 views • 18 slides
A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you

A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you

A Practical Marketing Approach to GDPR Great News! Focus on email marketing What you need to do How to get consent Documentation What is PII? Personally Identifiable Information Name, email IP address

410 views • 27 slides
n For myself personally I would describe this year as a year of endurance. A year of

n For myself personally I would describe this year as a year of endurance. A year of

Otakanini Topu Year End 2017 Firstly I would like to thank, all of you who voted for me last year, given there were a few candidates who stood, I was certainly surprised at the time to have made the cut. n For myself personally I would describe

721 views • 6 slides
optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling

optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling

optiMize Plant Wide Automatic Process & Production Diagnostics Hot Cold Foil Levelling Slitting Coating Casting Heating Testing Casting Automatic tracking of material and machine performance through the whole process Finishing

868 views • 43 slides
Nice to meet you. Social Care New Technology: Taking it personally A Little About U s Social

Nice to meet you. Social Care New Technology: Taking it personally A Little About U s Social

Hello, we are adam . Nice to meet you. Social Care New Technology: Taking it personally A Little About U s Social Care I New Technology: Taking it personally PUTTING THE INDIVIDUAL AT THE HEART OF EVERYTHING WE DO 5000 Registered Service

327 views • 17 slides
Sharing Information: Teaming for School Safety and Mental Health Julie Incitti, MSW, CAPSW

Sharing Information: Teaming for School Safety and Mental Health Julie Incitti, MSW, CAPSW

Sharing Information: Teaming for School Safety and Mental Health Julie Incitti, MSW, CAPSW Teresa Nicholas, MSSW, LISW DPI School Social Work Consultant School Social Worker What Are We Talking About? 1. Sharing personally identifiable

612 views • 42 slides
I took it personally Ive been a reluctant power user of Tax Accountants MY FIRST CO. MY

I took it personally Ive been a reluctant power user of Tax Accountants MY FIRST CO. MY

I took it personally Ive been a reluctant power user of Tax Accountants MY FIRST CO. MY SECOND CO. MY THIRD CO. 3 firms 200 $ 3M 3 years hours/year spent annual retainer on tax matters for tax firm Paper-driven What should be a part

250 views • 5 slides
Recent Developments In State Regulation of Prescriber-Identifiable Data and Detailing Scott D.

Recent Developments In State Regulation of Prescriber-Identifiable Data and Detailing Scott D.

BEIJING BRUSSELS CHICAGO DALLAS FRANKFURT GENEVA HONG KONG LONDON LOS ANGELES NEW YORK SAN FRANCISCO SHANGHAI SINGAPORE SYDNEY TOKYO WASHINGTON, D.C. Recent Developments In State Regulation of Prescriber-Identifiable Data and

766 views • 38 slides
What You Always Wanted to Know about OCL and Never Dared to Ask Martin Gogolla Personally, i

What You Always Wanted to Know about OCL and Never Dared to Ask Martin Gogolla Personally, i

What You Always Wanted to Know about OCL and Never Dared to Ask Martin Gogolla Personally, i never use OCL, i always use USE OCL OCL is a nice, useful language, for driving with your finger through a class diagram. But there are some things

323 views • 7 slides

More recommend