Students who don't understand information flow should be eaten: an experience paper
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Collaborative TCP sequence number inference attack: how to crack sequence number under a second
Proceedings of the 2012 ACM conference on Computer and communications security
Communications of the ACM
Identity, location, disease and more: inferring your secrets from android public resources
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.02 |
We describe a new side-channel attack. By tracking changes in the application's memory footprint, a concurrent process belonging to a different user can learn its secrets. Using Web browsers as the target, we show how an unprivileged, local attack process -- for example, a malicious Android app -- can infer which page the user is browsing, as well as finer-grained information: whether she is a paid customer, her interests, etc. This attack is an instance of a broader problem. Many isolation mechanisms in modern systems reveal accounting information about program execution, such as memory usage and CPU scheduling statistics. If temporal changes in this public information are correlated with the program's secrets, they can lead to a privacy breach. To illustrate the pervasiveness of this problem, we show how to exploit scheduling statistics for keystroke sniffing in Linux and Android, and how to combine scheduling statistics with the dynamics of memory usage for more accurate adversarial inference of browsing behavior.