ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android

Raphael Spreitzer, Felix Kirchengast, Daniel Gruss, Stefan Mangard

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband


The procfs has been identified as a viable source of side-channel information leaks on mobile devices. Starting with Android M (Android 6), access to the procfs has been continuously restricted in order to cope with these attacks. Yet, more recent papers demonstrated that even if access to process-specific information is restricted within the procfs, global statistics can still be exploited. However, with state-of-the-art techniques, the search for procfs information leaks requires a significant amount of manual work. This makes an exhaustive analysis of existing and newly introduced procfs resources in terms of information leaks impractical.

We introduce ProcHarvester, a systematic and fully automated technique to assess procfs information leaks. ProcHarvester automatically triggers events of interest and later on applies machine learning techniques to identify procfs information leaks. We demonstrate the power of ProcHarvester by identifying information leaks to infer app starts from a set of 100 apps with an accuracy of 96% on Android N (Android 7). Thereby, we outperform the most accurate app inference attack by about 10 percentage points. We also demonstrate the ease of applicability of ProcHarvester by showing how to profile other events such as website launches as well as keyboard gestures, and we identify the first procfs side channels on Android O (Android 8). ProcHarvester advances investigations of procfs information leaks to the next level and will hopefully help to reduce the attack surface of side-channel attacks.
TitelASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security
PublikationsstatusVeröffentlicht - 2018

Fields of Expertise

  • Information, Communication & Computing

Fingerprint Untersuchen Sie die Forschungsthemen von „ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren