ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android

Raphael Spreitzer, Felix Kirchengast, Daniel Gruss, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Research; peer-review

Abstract

The procfs has been identified as a viable source of side-channel information leaks on mobile devices. Starting with Android M (Android 6), access to the procfs has been continuously restricted in order to cope with these attacks. Yet, more recent papers demonstrated that even if access to process-specific information is restricted within the procfs, global statistics can still be exploited. However, with state-of-the-art techniques, the search for procfs information leaks requires a significant amount of manual work. This makes an exhaustive analysis of existing and newly introduced procfs resources in terms of information leaks impractical.

We introduce ProcHarvester, a systematic and fully automated technique to assess procfs information leaks. ProcHarvester automatically triggers events of interest and later on applies machine learning techniques to identify procfs information leaks. We demonstrate the power of ProcHarvester by identifying information leaks to infer app starts from a set of 100 apps with an accuracy of 96% on Android N (Android 7). Thereby, we outperform the most accurate app inference attack by about 10 percentage points. We also demonstrate the ease of applicability of ProcHarvester by showing how to profile other events such as website launches as well as keyboard gestures, and we identify the first procfs side channels on Android O (Android 8). ProcHarvester advances investigations of procfs information leaks to the next level and will hopefully help to reduce the attack surface of side-channel attacks.

Original language: English
Title of host publication: ASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security
Pages: 749-763
DOIs: https://doi.org/10.1145/3196494.3196510
Publication status: Published - 2018

Fingerprint

Application programs
Mobile devices
Learning systems
Websites
Statistics
Android (operating system)

Fields of Expertise

  • Information, Communication & Computing

Cite this

Spreitzer, R., Kirchengast, F., Gruss, D., & Mangard, S. (2018). ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android. In ASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security (pp. 749-763) https://doi.org/10.1145/3196494.3196510

@inproceedings{d6361fb57f4d4da28a003a198f5b7e44,
title = "ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android",
author = "Raphael Spreitzer and Felix Kirchengast and Daniel Gruss and Stefan Mangard",
year = "2018",
doi = "10.1145/3196494.3196510",
language = "English",
isbn = "978-1-4503-5576-6",
pages = "749--763",
booktitle = "ASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security",

}
