Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel
Application sandboxing is a well-established security principle employed in the Android platform to safeguard sensitive information. However, hardware resources, specifically the CPU caches, are beyond the protection of this software-based mechanism, leaving room for potential side-channel attacks....
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9354 https://ink.library.smu.edu.sg/context/sis_research/article/10354/viewcontent/usenixsecurity24_lin_yan.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10354 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-103542024-10-17T03:20:52Z Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel LIN, Yan WONG, Joshua LI, Xiang MA, Haoyu GAO, Debin Application sandboxing is a well-established security principle employed in the Android platform to safeguard sensitive information. However, hardware resources, specifically the CPU caches, are beyond the protection of this software-based mechanism, leaving room for potential side-channel attacks. Existing attacks against this particular weakness of app sandboxing mainly target shared components among apps, hence can only observe system-level program dynamics (such as UI tracing). In this work, we advance cache side-channel attacks by demonstrating the viability of non-intrusive and fine-grained probing across different app sandboxes, which have the potential to uncover app-specific and private program behaviors, thereby highlighting the importance of further research in this area. In contrast to conventional attack schemes, our proposal leverages a user-level attack surface within the Android platform, namely the dynamic inter-app component sharing with package context (also known as DICI), to fully map the code of targeted victim apps into the memory space of the attacker's sandbox. Building upon this concept, we have developed a proof-of-concept attack demo called ANDROSCOPE and demonstrated its effectiveness with empirical evaluations where the attack app was shown to be able to successfully infer private information pertaining to individual apps, such as driving routes and keystroke dynamics with considerable accuracy. 2024-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9354 https://ink.library.smu.edu.sg/context/sis_research/article/10354/viewcontent/usenixsecurity24_lin_yan.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security LIN, Yan WONG, Joshua LI, Xiang MA, Haoyu GAO, Debin Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| description |
Application sandboxing is a well-established security principle employed in the Android platform to safeguard sensitive information. However, hardware resources, specifically the CPU caches, are beyond the protection of this software-based mechanism, leaving room for potential side-channel attacks. Existing attacks against this particular weakness of app sandboxing mainly target shared components among apps, hence can only observe system-level program dynamics (such as UI tracing). In this work, we advance cache side-channel attacks by demonstrating the viability of non-intrusive and fine-grained probing across different app sandboxes, which have the potential to uncover app-specific and private program behaviors, thereby highlighting the importance of further research in this area. In contrast to conventional attack schemes, our proposal leverages a user-level attack surface within the Android platform, namely the dynamic inter-app component sharing with package context (also known as DICI), to fully map the code of targeted victim apps into the memory space of the attacker's sandbox. Building upon this concept, we have developed a proof-of-concept attack demo called ANDROSCOPE and demonstrated its effectiveness with empirical evaluations where the attack app was shown to be able to successfully infer private information pertaining to individual apps, such as driving routes and keystroke dynamics with considerable accuracy. |
| format |
text |
| author |
LIN, Yan WONG, Joshua LI, Xiang MA, Haoyu GAO, Debin |
| author_facet |
LIN, Yan WONG, Joshua LI, Xiang MA, Haoyu GAO, Debin |
| author_sort |
LIN, Yan |
| title |
Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| title_short |
Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| title_full |
Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| title_fullStr |
Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| title_full_unstemmed |
Peep with a mirror: Breaking the integrity of Android app sandboxing via unprivileged cache side channel |
| title_sort |
peep with a mirror: breaking the integrity of android app sandboxing via unprivileged cache side channel |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/9354 https://ink.library.smu.edu.sg/context/sis_research/article/10354/viewcontent/usenixsecurity24_lin_yan.pdf |
| _version_ |
1814047932196847616 |