Presentation is loading. Please wait.

Presentation is loading. Please wait.

Memento: Learning Secrets from Process Footprints Suman Jana and Vitaly Shmatikov The University of Texas at Austin.

Published byGeorge Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "Memento: Learning Secrets from Process Footprints Suman Jana and Vitaly Shmatikov The University of Texas at Austin."— Presentation transcript:

1 Memento: Learning Secrets from Process Footprints Suman Jana and Vitaly Shmatikov The University of Texas at Austin

2 Trends in software design Applications rely on OS abstractions to improve their safety and reliability o “Process” o “User” Case study: Web browsers www.xbank.comwww.quickdate.com Fork a new process OS isolation Fork a new process

3 Unintended consequences Good Better isolation Better reliability o Others not affected if one process crashes Better safety Bad Leaks more info to concurrent processes Topic of this talk

4 ProcFS: Process info in multi-user OS introduced in the 1980s Tom Killian "Processes as Files" (1984) cat /proc/1/st atus ps top –p 1

5 What can one learn from ProcFS? IP addrs of websites other users are visiting

6 Side channels through /proc "Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems" - Usenix Security 2009 o Keystroke timing leak through ESP/EIP values from /proc/ /stat XiaoFeng WangKehuan Zhang

7 The story of "Peeping Tom" NDSS '09 program committee: "Nobody uses multi-user computers anymore" Shout-out to XiaoFeng ;)

8 The story of "Peeping Tom" Oakland '09 program committee: "Nobody uses multi-user computers anymore" Shout-out to XiaoFeng ;)

9 Nobody uses multi-user computers anymore???

10 Android sandboxing = UNIX multi-user isolation UNIX multi-users in the 1980s cat /proc/1/st atus ps top –p 1

11 Android sandboxing = UNIX multi-user isolation Android “multi-users” in 2012 cat /proc/1/st atus ps top –p 1

12 Different apps run as different users Android sandboxing = UNIX multi-user isolation Android uses OS “user” abstraction to isolate applications

13 Android “multi-users” in 2012 cat /proc/1/st atus ps top –p 1 ProcFS API is still unchanged!! Android sandboxing = UNIX multi-user isolation

14 What can a zero-permission app do? Can read all world-readable files in /proc … but “Peeping Tom” attack does not work  o ESP/EIP too unpredictable - JVM, GUI etc. Introducing “Memento” attacks o Works on all major OSs (except iOS)

15 This is not just about Android!

16 Process resource usage = big-time side channel Memory usage leaks inputs and user actions o Reveals webpages visited in Chrome, Firefox, Android browser, any WebKit-based browser o Reveals state of Web applications  Membership in dating sites, specific interests on medical sites, etc. CPU usage leaks keystroke timing o For bash, ssh, Android on-screen keyboard handler o Yields a better, much more robust “Peeing Tom” Completely new attack! Completely new attack!

17 “Memento” (2000): putting together “memory streams”

18 “Memento” (2000): putting together “memory streams”

19 Memprint: stream of memory usage 10568 KB 15976 KB 11632 KB 65948 KB 49380 KB 48996 KB 60280 KB 60820 KB 59548 KB

20 2050 Sniffing memory footprints zero-permission malicious process OS isolation browser process alloc 1 alloc 2 OS free page pool used page count memprint 2050

21 2056 Sniffing memory footprints zero-permission malicious process OS isolation browser process alloc 1 alloc 2 OS free page pool used page count memprint brk/mmap 2050 2056

22 2080 Sniffing memory footprints zero-permission malicious process OS isolation browser process alloc 1 alloc 2 OS free page pool used page count memprint brk/mmap 2056 2050 2080

23 Memprint for Chrome loading benaughty.com

24

25

26 Full attack OS isolation browser zero-permission app /proc/pid/statm memprint database

27 Why the attack works Memprints are unique (for up to 43% of webpages) Can tune recognition to achieve zero false positives Memprints are stable … across repeated visits to the same page memprints are OS/browser- dependent but machine- independent

28 Cross-page similarity for 100 random pages out of Alexa top 1000 Different from others Similar to themselves web page ID similarity = Jaccard index of memprints

29 Fine-grained info leak: OkCupid is login successful ? no yes memory usage increases by 1-2 MB memory usage increases by 1-2 MB is a paid customer ? is a paid customer ? no memory usage increases by 27-36 MB memory usage increases by 27-36 MB no new flash player plugin process new flash player plugin process to display ads yes

30 Concurrent processes don't hurt, sometimes make it even better!!

31 Memento attacks: CPU usage info Monitor /proc/ /status for number of context switches Infer inter-keystroke timing for bash, ssh, Android on-screen keyboard handler etc. o Processing each keystroke requires a predictable number of context switches o Keystroke processing time << keystroke interval sufficient to reconstruct typed text [Zhang and Wang]

32 Keystroke timing (Android MMS app)

33 Solutions? Increasing reliance on OS isolation makes these attacks easier o OS problem, not an application problem Disable /proc o FreeBSD: no /proc, but attacker can still measure victim's memory footprint via kvm_getprocs Stop reporting fine-grained resource usage across “user” boundary o Only report info for user's own processes o Breaks tools like ps, top etc.

34 does NOT need the API needed the API Process info API o A legacy of the 1980s o Reveals process's resource usage - CPU, mem, netw o A single measurement is harmless (most of the time) o Dynamics of processes’ resource usage = high-bandwidth side channel Memento attacks o OS designers must rethink process info API Summary

Download ppt "Memento: Learning Secrets from Process Footprints Suman Jana and Vitaly Shmatikov The University of Texas at Austin."

Similar presentations

Hardware Lesson 3 Inside your computer.

Hardware Lesson 3 Inside your computer.
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
Slide 2-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 2 Using the Operating System 2.

Slide 2-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 2 Using the Operating System 2.
Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.

Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks Qi Alfred Chen, Zhiyun Qian†, Z. Morley Mao University of.
Suman Jana and Vitaly Shmatikov The University of Texas at Austin Memento: Learning Secrets from Process Footprints 33 rd Security & Privacy (May, 2012)

Suman Jana and Vitaly Shmatikov The University of Texas at Austin Memento: Learning Secrets from Process Footprints 33 rd Security & Privacy (May, 2012)
Architecture Support for Security Peter Chapman Michael Maass.

Architecture Support for Security Peter Chapman Michael Maass.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
© 2004, D. J. Foreman 1 O/S Organization. © 2004, D. J. Foreman 2 Topics  Basic functions of an OS ■ Dev mgmt ■ Process & resource mgmt ■ Memory mgmt.

© 2004, D. J. Foreman 1 O/S Organization. © 2004, D. J. Foreman 2 Topics  Basic functions of an OS ■ Dev mgmt ■ Process & resource mgmt ■ Memory mgmt.
Review: Process Management Objective: –Enable fair multi-user, multiprocess computing on limited physical resources –Security and efficiency Process: running.

Review: Process Management Objective: –Enable fair multi-user, multiprocess computing on limited physical resources –Security and efficiency Process: running.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
1 Operating Systems Ch. 14 - An Overview. Architecture of Computer Hardware and Systems Software Irv Englander, John Wiley, 2000 2 Bare Bones Computer.

1 Operating Systems Ch An Overview. Architecture of Computer Hardware and Systems Software Irv Englander, John Wiley, Bare Bones Computer.
Security Issues in Web Applications Vitaly Shmatikov CS 6431.

Security Issues in Web Applications Vitaly Shmatikov CS 6431.
OS Concepts An Introduction operating systems. At the end of this module, you should have a basic understanding of what an operating system is, what it.

OS Concepts An Introduction operating systems. At the end of this module, you should have a basic understanding of what an operating system is, what it.
Why Threads Are A Bad Idea (for most purposes) John Ousterhout Sun Microsystems Laboratories

Why Threads Are A Bad Idea (for most purposes) John Ousterhout Sun Microsystems Laboratories
Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 16AP. 1Winter Quarter UNIX Process Management.

Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 16AP. 1Winter Quarter UNIX Process Management.
A Computer is a machine that… Receives inputs Processes info. Gives outputs.

A Computer is a machine that… Receives inputs Processes info. Gives outputs.
Case study 2 Android – Mobile OS.

Case study 2 Android – Mobile OS.

Similar presentations

Ads by Google