MobiLogLeak: A Study on Data Leakage Caused by Poor Logging Practices

Zhou, Rui (2020) MobiLogLeak: A Study on Data Leakage Caused by Poor Logging Practices. Masters thesis, Concordia University.

Text (application/pdf)
Zhou_MASc_F2020.pdf - Accepted Version
Available under License Spectrum Terms of Access.
2MB

Abstract

Logging is an essential software practice that is used by developers to debug, diagnose and audit software systems. Despite the advantages of logging, poor logging practices can potentially leak sensitive data. The problem of data leakage is more severe in applications that run on mobile devices, since these devices carry sensitive identification information ranging from physical device identifiers (e.g., IMEI, MAC address) to communications network identifiers (e.g., SIM, IP, Bluetooth ID), and application-specific identifiers related to the location and accounts of users.
This study explores the impact of logging practices on data leakage of such sensitive information. Particularly, we want to investigate whether log statements inserted into application code could lead to data leakage. While studying logging practices in mobile applications is an active research area, to our knowledge, this is the first study that explores the interplay between logging and security in the context of mobile applications for Android. We propose an approach called MobiLogLeak that identifies log statements in deployed apps that leak sensitive data. MobiLogLeak relies on taint flow analysis. Among 5,000 Android apps that we studied, we found that 200 apps leak sensitive data through logging.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Electrical and Computer Engineering
Item Type: Thesis (Masters)
Authors: Zhou, Rui
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Electrical and Computer Engineering
Date: 16 July 2020
Thesis Supervisor(s): Hamou-Lhadj, Abdelwahab
Keywords: Taint Flow Analysis, Mobile Applications, Data Leakage, Logging Practices
ID Code: 987367
Deposited By: Rui Zhou
Deposited On: 25 Nov 2020 16:31
Last Modified: 25 Nov 2020 16:31
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
