Abstract: A method performed by a computing device for implementing a dynamic outbound firewall. The method includes creating a localhost virtual private network (VPN) service, intercepting, using the localhost VPN service, outbound network traffic originated by the computing device, and responsive to detecting a first domain name service (DNS) query in the intercepted outbound network traffic, converting the DNS query to a first secure DNS query and sending the first secure DNS query to a trusted external DNS recursive resolver using a secure DNS protocol, receiving a first secure DNS response that includes a first DNS resolution result, adding an entry for the first DNS resolution result to a cache, and dropping a first outbound packet detected in the intercepted outbound network traffic based on a determination that the destination of the first outbound packet does not match an entry in the cache.
Type: Grant
Filed: October 10, 2022
Date of Patent: December 3, 2024
Assignee: AppCensus, Inc.
Inventors: Daren Childers, Narseo Vallina-Rodriguez, Abhinav Saxena, Joel Reardon, Robert Richter, Pietro Francesco Tirenna, Nathaniel Good, Serge Egelman
Abstract: A method performed by a computing device for implementing a dynamic outbound firewall. The method includes creating a localhost virtual private network (VPN) service, intercepting, using the localhost VPN service, outbound network traffic originated by the computing device, and responsive to detecting a first domain name service (DNS) query in the intercepted outbound network traffic, converting the DNS query to a first secure DNS query and sending the first secure DNS query to a trusted external DNS recursive resolver using a secure DNS protocol, receiving a first secure DNS response that includes a first DNS resolution result, adding an entry for the first DNS resolution result to a cache, and dropping a first outbound packet detected in the intercepted outbound network traffic based on a determination that the destination of the first outbound packet does not match an entry in the cache.
Type: Application
Filed: October 10, 2022
Publication date: April 11, 2024
Applicant: AppCensus, Inc.
Inventors: Daren CHILDERS, Narseo VALLINA-RODRIGUEZ, Abhinav SAXENA, Joel REARDON, Robert RICHTER, Pietro Francesco TIRENNA, Nathaniel GOOD, Serge EGELMAN
Abstract: A method for automatically identifying applications that circumvent permissions. The method includes logging network traffic transmitted by one or more computing devices while the one or more computing devices execute one or more applications, identifying, based on analyzing the logged network traffic and permissions granted to the one or more applications, those of the one or more applications that caused permission-protected data to be transmitted without having permission to access that data as circumventing permissions, and generating a report indicating the applications that were identified as circumventing permissions.
Type: Grant
Filed: June 26, 2020
Date of Patent: June 27, 2023
Assignee: AppCensus, Inc.
Inventors: Joel Reardon, Narseo Vallina-Rodriguez, Nathaniel Good, Serge Egelman
Abstract: A method for automatically identifying applications that circumvent permissions. The method includes logging network traffic transmitted by one or more computing devices while the one or more computing devices execute one or more applications, identifying, based on analyzing the logged network traffic and permissions granted to the one or more applications, those of the one or more applications that caused permission-protected data to be transmitted without having permission to access that data as circumventing permissions, and generating a report indicating the applications that were identified as circumventing permissions.
Type: Application
Filed: June 26, 2020
Publication date: December 30, 2021
Applicant: AppCensus, Inc.
Inventors: Joel REARDON, Narseo VALLINA-RODRIGUEZ, Nathaniel GOOD, Serge EGELMAN