Suman Jana and Vitaly Shmatikov, The University of Texas at Austin. Memento: Learning Secrets from Process Footprints. 33rd Security & Privacy (May, 2012)

Presentation transcript:

Suman Jana and Vitaly Shmatikov, The University of Texas at Austin. Memento: Learning Secrets from Process Footprints. 33rd Security & Privacy (May, 2012). Best student paper award. This slide is modified from

Outline (2012/05/28, A Seminar at Advanced Defense Lab)
- Introduction
- Side channels through /proc
- Memento
- Implementation
- Evaluation
- Variations of the attack
- Solutions?
- Summary

Introduction
- Implementing a whole security mechanism in user mode is very difficult.

Trends in software design
- Applications rely on OS abstractions to improve their safety and reliability: “Process”, “User”
- Case study: Web browsers
[Diagram labels: Fork a new process; OS isolation]

Unintended consequences
- Good
  o Better isolation
  o Better reliability: others not affected if one process crashes
  o Better safety
- Bad
  o Leaks more info to concurrent processes (topic of this talk)

ProcFS: Process info in multi-user OS
- Introduced in the 1980s: Tom Killian, "Processes as Files" (1984)
- Commands shown: ps; top -p 1; cat /proc/1/status

What can one learn from ProcFS?
- IP addrs of websites other users are visiting

Side channels through /proc
- "Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems" - Usenix Security 2009 (XiaoFeng Wang, Kehuan Zhang)
  o Keystroke timing leak through ESP/EIP values from /proc/<pid>/stat

The story of "Peeping Tom"
- NDSS '09 program committee: "Nobody uses multi-user computers anymore"
- Shout-out to XiaoFeng ;)

The story of "Peeping Tom"
- Oakland '09 program committee: "Nobody uses multi-user computers anymore"
- Shout-out to XiaoFeng ;)

Nobody uses multi-user computers anymore???

Android sandboxing = UNIX multi-user isolation
- UNIX multi-users in the 1980s
- Commands shown: ps; top -p 1; cat /proc/1/status

Android sandboxing = UNIX multi-user isolation
- Android “multi-users” in 2012
- Commands shown: ps; top -p 1; cat /proc/1/status

Android sandboxing = UNIX multi-user isolation
- Different apps run as different users
- Android uses OS “user” abstraction to isolate applications

Android sandboxing = UNIX multi-user isolation
- Android “multi-users” in 2012
- Commands shown: ps; top -p 1; cat /proc/1/status
- ProcFS API is still unchanged!!

What can a zero-permission app do?
- Can read all world-readable files in /proc
- … but the “Peeping Tom” attack does not work
  o ESP/EIP too unpredictable - JVM, GUI etc.
- Introducing “Memento” attacks
- Works on all major OSs (except iOS)

This is not just about Android!

Process resource usage = big-time side channel
- Memory usage leaks inputs and user actions
  o Reveals webpages visited in Chrome, Firefox, Android browser, any WebKit-based browser
  o Reveals state of Web applications: membership in dating sites, specific interests on medical sites, etc.
- CPU usage leaks keystroke timing
  o For bash, ssh, Android on-screen keyboard handler
  o Yields a better, much more robust “Peeping Tom”
[Callout on slide: Completely new attack!]

“Memento” (2000): putting together “memory streams”

Memprint: stream of memory usage
[Figure: a sequence of memory usage readings in KB]

Sniffing memory footprints
[Diagram, shown in three animation steps with the values 2050, 2056 and 2080. Labels: zero-permission malicious process; OS isolation; browser process; alloc 1; alloc 2; brk/mmap; OS free page pool; used page count; memprint]

Memprint for Chrome loading benaughty.com

Full attack
[Diagram labels: browser; OS isolation; zero-permission app; /proc/pid/statm; memprint; database]

Implementation: measuring the target’s memory footprint
- Linux and Android: /proc/<pid>/statm, drs (data resident size)
- FreeBSD: kvm_getprocs
- Windows: Performance Data Helper (PDH) library

Environment
- Chrome
  o Version:
  o Measure the render process
- Firefox
  o Version:
  o Monolithic browser
  o Using fresh browser
- Android
  o Version: 2.2 Froyo in the x86 simulator
  o The results are the same for 3.1 Honeycomb in Google’s ARM simulator.

Building the signature database
- A memprint is a set of (E, c) tuples.
  o E is an integer representing a particular footprint size.
  o c is how often it was observed during measurement.
- Ex: ALEXA TOP 1,000:

Similarity

Why the attack works
- Memprints are unique (for up to 43% of webpages)
- Can tune recognition to achieve zero false positives
- Memprints are stable … across repeated visits to the same page
- Memprints are OS/browser-dependent but machine-independent

Cross-page similarity for 100 random pages out of Alexa top 1000
- similarity = Jaccard index of memprints
[Figure: similarity by web page ID; annotations: "Different from others", "Similar to themselves"]
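
The memprint and Jaccard-index definitions above, worked through on constructed data. This is an added example, not code from the paper or the slides; the function names are hypothetical, and combining counts with min (intersection) and max (union) is an assumption about how the (E, c) tuples are compared.

```python
from collections import Counter

# Added illustration; names are this example's own, not the authors'.

def memprint(samples):
    """Memprint as {E: c}: footprint size E mapped to how often it was observed."""
    return Counter(samples)

def jaccard(m1, m2):
    """Jaccard index of two memprints.

    Assumption: counts combine as min (intersection) and max (union).
    """
    sizes = set(m1) | set(m2)
    inter = sum(min(m1[e], m2[e]) for e in sizes)
    union = sum(max(m1[e], m2[e]) for e in sizes)
    return inter / union if union else 0.0

def recognize(observed, database, threshold):
    """Best-matching label and score, or (None, score) below the threshold."""
    label, score = max(
        ((name, jaccard(observed, sig)) for name, sig in database.items()),
        key=lambda pair: pair[1],
        default=(None, 0.0),
    )
    return (label, score) if score >= threshold else (None, score)

# Constructed footprint samples (not measurements from any real browser).
PAGE_A_VISIT_1 = memprint([2050, 2056, 2080, 2080, 2112, 2112, 2112])
PAGE_A_VISIT_2 = memprint([2050, 2056, 2080, 2112, 2112, 2112, 2140])
PAGE_B = memprint([2050, 2300, 2300, 2412, 2500])
DATABASE = {"page-a": PAGE_A_VISIT_1, "page-b": PAGE_B}

if __name__ == "__main__":
    print(jaccard(PAGE_A_VISIT_1, PAGE_A_VISIT_2))  # repeat visit scores high
    print(jaccard(PAGE_A_VISIT_1, PAGE_B))          # different page scores low
    print(recognize(PAGE_A_VISIT_2, DATABASE, threshold=0.5))
    print(recognize(memprint([3000, 3001]), DATABASE, threshold=0.5))
```

Raising the threshold trades recognised pages for fewer false positives, which is the tuning the "zero false positives" slide refers to.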

Evaluation
- Distinguishability
- A page is distinguishable when Distinguishability > 0

100 random pages, 1,000-page ambiguity set

With the threshold set so that there are no false positives: 100 random distinguishable pages

Variations of the attack
- Only focus on changes caused by allocating or de-allocating large images.
- Inferring the state of Web sessions.
- Add secondary side channel information. Ex: CPU scheduling statistics

Fine-grained info leak: OkCupid
[Decision diagram labels: is login successful? (no / yes); memory usage increases by 1-2 MB; is a paid customer? (no / yes); memory usage increases by MB; no new flash player plugin process; new flash player plugin process to display ads]

Concurrent processes don't hurt, sometimes make it even better!!

Memento attacks: CPU usage info
- Monitor /proc/<pid>/status for number of context switches
- Infer inter-keystroke timing for bash, ssh, Android on-screen keyboard handler etc.
  o Processing each keystroke requires a predictable number of context switches
  o Keystroke processing time << keystroke interval
- Sufficient to reconstruct typed text [Zhang and Wang]

Keystroke timing (Android MMS app)

Solutions?
- Increasing reliance on OS isolation makes these attacks easier
- OS problem, not an application problem
- Disable /proc
  o FreeBSD: no /proc, but attacker can still measure victim's memory footprint via kvm_getprocs
- Stop reporting fine-grained resource usage across “user” boundary
- Only report info for user's own processes
- Breaks tools like ps, top etc.
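
One way to check how far a given host is from "only report info for user's own processes": an audit that lists which other users' per-process files the current account can open. This is an added example, not part of the talk; audit_proc and its parameters are hypothetical names, and it only tests permissions without reading any values.

```python
import os

# Per-process files the talk names as side channels.
SENSITIVE = ("statm", "status", "stat")

def audit_proc(proc_root="/proc", my_uid=None):
    """Return {pid: [files]} we can read that belong to other users' processes.

    Run as an unprivileged account; root can read everything regardless.
    """
    my_uid = os.getuid() if my_uid is None else my_uid
    exposed = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip /proc/net, /proc/self, ...
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            owner = os.stat(pid_dir).st_uid
        except OSError:                  # process exited, or entry is hidden
            continue
        if owner == my_uid:              # our own processes are not a leak
            continue
        readable = [name for name in SENSITIVE
                    if os.access(os.path.join(pid_dir, name), os.R_OK)]
        if readable:
            exposed[int(entry)] = readable
    return exposed

if __name__ == "__main__":
    report = audit_proc()
    for pid, files in sorted(report.items()):
        print(f"pid {pid}: other user's {', '.join(files)} readable")
    print(f"{len(report)} foreign processes expose resource usage")
```

On Linux, a /proc mounted with the hidepid=2 option hides other users' PID directories, so the audit should come back empty for an unprivileged account.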

Summary
- Process info API
  o A legacy of the 1980s
  o Reveals process's resource usage - CPU, mem, netw
  o A single measurement is harmless (most of the time)
  o Dynamics of processes’ resource usage = high-bandwidth side channel
- Memento attacks
  o OS designers must rethink process info API
[Callouts on slide: "does NOT need the API"; "needed the API"]