Suman Jana and Vitaly Shmatikov, The University of Texas at Austin. Memento: Learning Secrets from Process Footprints. 33rd Security & Privacy (May, 2012)


1 Suman Jana and Vitaly Shmatikov, The University of Texas at Austin. Memento: Learning Secrets from Process Footprints. 33rd Security & Privacy (May, 2012). Best student paper award. This slide is modified from http://www.cs.utexas.edu/~suman/publications/oakland12/Memento.pptx

2 Outline (2012/05/28, A Seminar at Advanced Defense Lab): Introduction; Side channels through /proc; Memento; Implementation; Evaluation; Variations of the attack; Solutions?; Summary

3 Introduction: Implementing a whole security mechanism in user mode is very difficult.

4 Trends in software design: Applications rely on OS abstractions (“Process”, “User”) to improve their safety and reliability. Case study: Web browsers (diagram: www.xbank.com and www.quickdate.com, each labelled "Fork a new process", separated by "OS isolation")

5 Unintended consequences. Good: better isolation; better reliability (others not affected if one process crashes); better safety. Bad: leaks more info to concurrent processes (topic of this talk).

6 ProcFS: Process info in multi-user OS. Commands shown: ps; top -p 1; cat /proc/1/status. Introduced in the 1980s: Tom Killian, "Processes as Files" (1984).

7 What can one learn from ProcFS? IP addrs of websites other users are visiting

8 Side channels through /proc: "Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems", Usenix Security 2009 (XiaoFeng Wang, Kehuan Zhang). Keystroke timing leak through ESP/EIP values from /proc/<pid>/stat.

9 The story of "Peeping Tom". NDSS '09 program committee: "Nobody uses multi-user computers anymore". Shout-out to XiaoFeng ;)

10 The story of "Peeping Tom". Oakland '09 program committee: "Nobody uses multi-user computers anymore". Shout-out to XiaoFeng ;)

11 Nobody uses multi-user computers anymore???

12 Android sandboxing = UNIX multi-user isolation. UNIX multi-users in the 1980s: ps; top -p 1; cat /proc/1/status

13 Android sandboxing = UNIX multi-user isolation. Android “multi-users” in 2012: ps; top -p 1; cat /proc/1/status

14 Android sandboxing = UNIX multi-user isolation. Different apps run as different users. Android uses the OS “user” abstraction to isolate applications.

15 Android sandboxing = UNIX multi-user isolation. Android “multi-users” in 2012: ps; top -p 1; cat /proc/1/status. ProcFS API is still unchanged!!

16 What can a zero-permission app do? Can read all world-readable files in /proc … but the “Peeping Tom” attack does not work: ESP/EIP too unpredictable (JVM, GUI etc.). Introducing “Memento” attacks. Works on all major OSs (except iOS).

17 This is not just about Android!

18 Process resource usage = big-time side channel. Memory usage leaks inputs and user actions (completely new attack!): reveals webpages visited in Chrome, Firefox, Android browser, any WebKit-based browser; reveals state of Web applications (membership in dating sites, specific interests on medical sites, etc.). CPU usage leaks keystroke timing: for bash, ssh, Android on-screen keyboard handler; yields a better, much more robust “Peeping Tom”.

19 “Memento” (2000): putting together “memory streams”

20 “Memento” (2000): putting together “memory streams”

21 Memprint: stream of memory usage: 10568 KB, 15976 KB, 11632 KB, 65948 KB, 49380 KB, 48996 KB, 60280 KB, 60820 KB, 59548 KB

22 Sniffing memory footprints (diagram: zero-permission malicious process | OS isolation | browser process with alloc 1, alloc 2; OS free page pool; used page count: 2050; memprint: 2050)

23 Sniffing memory footprints (diagram: zero-permission malicious process | OS isolation | browser process with alloc 1, alloc 2; brk/mmap; OS free page pool; used page count: 2056; memprint: 2050, 2056)

24 Sniffing memory footprints (diagram: zero-permission malicious process | OS isolation | browser process with alloc 1, alloc 2; brk/mmap; OS free page pool; used page count: 2080; memprint: 2050, 2056, 2080)

25 Memprint for Chrome loading benaughty.com

26 Memprint for Chrome loading benaughty.com

27 Memprint for Chrome loading benaughty.com

28 Full attack (diagram: zero-permission app | OS isolation | browser; /proc/pid/statm; memprint database)

29 Implementation: Measuring the target’s memory footprint. Linux and Android: /proc/<pid>/statm, drs (data resident size). FreeBSD: kvm_getprocs. Windows: Performance Data Helper (PDH) library.

30 Environment. Chrome: version 13.0.782.220; measure the render process. Firefox: version 3.6.23; monolithic browser. Using fresh browser. Android: version 2.2 Froyo in the x86 simulator; the results are the same for 3.1 Honeycomb in Google’s ARM simulator.

31 Building the signature database. A memprint is a set of (E, c) tuples: E is an integer representing a particular footprint size; c is how often it was observed during measurement. Ex: ALEXA TOP 1,000:

32 Similarity

33 Why the attack works. Memprints are unique (for up to 43% of webpages); can tune recognition to achieve zero false positives. Memprints are stable across repeated visits to the same page. Memprints are OS/browser-dependent but machine-independent.

34 Cross-page similarity for 100 random pages out of Alexa top 1000 (plot: axis "web page ID"; annotations "Different from others", "Similar to themselves"). Similarity = Jaccard index of memprints.
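An added example, not taken from the slides or the paper's code: it builds memprints as (E, c) counts from constructed footprint streams (the first reuses the sizes listed on slide 21) and compares them with a Jaccard index, showing how a threshold rejects pages that are not in the database. Comparing counts with min/max (a weighted Jaccard index) and the 0.5 threshold are assumptions, because the formula on the Similarity slide did not survive in this transcript.

```python
from collections import Counter

def memprint(samples_kb):
    """Collapse a stream of footprint sizes into (E, c): size -> times observed."""
    return Counter(samples_kb)

def similarity(m1, m2):
    """Weighted Jaccard index (assumed form): sum of min counts / sum of max counts."""
    sizes = set(m1) | set(m2)
    inter = sum(min(m1[e], m2[e]) for e in sizes)
    union = sum(max(m1[e], m2[e]) for e in sizes)
    return inter / union if union else 0.0

def recognize(observed, database, threshold):
    """Return (label, score) of the best match, or (None, score) below the threshold."""
    best_label, best_score = None, 0.0
    for label, signature in database.items():
        score = similarity(observed, signature)
        if score > best_score:
            best_label, best_score = label, score
    if best_score < threshold:
        return None, best_score
    return best_label, best_score

# Constructed sample streams (KB). VISIT_1 uses the sizes from slide 21.
VISIT_1 = [10568, 15976, 11632, 65948, 49380, 48996, 60280, 60820, 59548, 59548]
VISIT_2 = [10568, 15976, 11632, 65948, 49380, 60280, 60820, 59548, 59548, 59548]
OTHER_PAGE = [10568, 12040, 20312, 20312, 31800, 31800, 31800]
UNKNOWN = [10568, 70000, 70000]

DATABASE = {"page_a": memprint(VISIT_1), "page_b": memprint(OTHER_PAGE)}

if __name__ == "__main__":
    print("same page, two visits:", similarity(memprint(VISIT_1), memprint(VISIT_2)))
    print("different pages:      ", similarity(memprint(VISIT_1), memprint(OTHER_PAGE)))
    print("second visit matched: ", recognize(memprint(VISIT_2), DATABASE, 0.5))
    print("page not in database: ", recognize(memprint(UNKNOWN), DATABASE, 0.5))
```

The shared starting size (10568 KB) gives every pair a small non-zero score, which is why recognition needs a threshold rather than "any overlap".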

35 Evaluation: Distinguishability. A page is distinguishable: Distinguishability > 0

36 100 random pages, 1,000-page ambiguity set

37 With a threshold that yields no false positives: 100 random distinguishable pages

38 Variations of the attack. Only focus on changes caused by allocating or de-allocating large images. Inferring the state of Web sessions. Add secondary side channel information, e.g. CPU scheduling statistics.

39 Fine-grained info leak: OkCupid (flowchart; node labels: "is login successful?" no / yes; "memory usage increases by 1-2 MB"; "is a paid customer?" no / yes; "memory usage increases by 27-36 MB"; "no new flash player plugin process"; "new flash player plugin process to display ads")

40 Concurrent processes don't hurt, sometimes make it even better!!

41 Memento attacks: CPU usage info. Monitor /proc/<pid>/status for number of context switches. Infer inter-keystroke timing for bash, ssh, Android on-screen keyboard handler etc.: processing each keystroke requires a predictable number of context switches; keystroke processing time << keystroke interval. Sufficient to reconstruct typed text [Zhang and Wang].

42 Keystroke timing (Android MMS app)

43 Solutions? Increasing reliance on OS isolation makes these attacks easier. OS problem, not an application problem. Disable /proc (FreeBSD: no /proc, but attacker can still measure victim's memory footprint via kvm_getprocs). Stop reporting fine-grained resource usage across “user” boundary: only report info for user's own processes; breaks tools like ps, top etc.
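A defender-side check for the "only report info for user's own processes" option on this slide, as an added example that is not from the slides: on Linux that behaviour corresponds to the procfs `hidepid` mount option (an assumption brought in here; the slides do not name it), and the code lists procfs mounts that still expose other users' per-process files. The mount table is constructed sample data in /proc/mounts format.

```python
# hidepid values that stop a user from reading another user's /proc/<pid>/ files.
# Numeric forms are the older spelling; named forms appear on newer kernels.
RESTRICTING = {"1", "2", "4", "noaccess", "invisible", "ptraceable"}

def procfs_exposure(mounts_text):
    """Map each procfs mountpoint to (hidepid value, cross_user_readable)."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        # /proc/mounts columns: device, mountpoint, fstype, options, dump, pass
        if len(fields) < 4 or fields[2] != "proc":
            continue
        mountpoint, options = fields[1], fields[3].split(",")
        hidepid = "0"  # kernel default when the option is absent: no hiding
        for opt in options:
            if opt.startswith("hidepid="):
                hidepid = opt.split("=", 1)[1]
        result[mountpoint] = (hidepid, hidepid not in RESTRICTING)
    return result

def audit(mounts_text):
    """Mountpoints where another user's statm/status files remain readable."""
    exposure = procfs_exposure(mounts_text)
    return sorted(mp for mp, (_, exposed) in exposure.items() if exposed)

# Constructed sample mount table (not captured from a real host).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,relatime,hidepid=2 0 0
proc /srv/ct/proc proc rw,relatime,hidepid=invisible 0 0
"""

if __name__ == "__main__":
    for mountpoint in audit(SAMPLE_MOUNTS):
        print(f"{mountpoint}: per-process files readable across users (no hidepid)")
```

To audit a live host, pass the contents of /proc/mounts instead of the sample; as the slide notes, restricting this view changes what ps and top show to unprivileged users.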

44 Summary. Process info API: a legacy of the 1980s; reveals process's resource usage (CPU, mem, netw); a single measurement is harmless (most of the time); dynamics of processes’ resource usage = high-bandwidth side channel. Memento attacks: OS designers must rethink process info API. (Slide labels: "does NOT need the API", "needed the API")

