|
Smart phones have permeated all facets of our lives facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS)enforce strict isolation between apps to protect data and complex permission management. Yet, apps get free access to hardware including CPU and caches. Access to shared hardware resources result in information leakage across apps. Microarchitectural attacks have already proven to succeed in stealing information on PC and even on virtualized cloud servers. This project (MIST) quantifies the vulnerability of mobile platforms to microarchitectural attacks and develops countermeasures.
MIST systematically explores which resources enable these attacks on the mobile platform, identifies mechanisms that are essential to an attack, and quantifies the amount of information obtainable from given resources. By making use of machine learning techniques, methods for detecting malicious code exploiting microarchitectural leakage are developed. To remedy microarchitectural attacks, MIST explores countermeasures that can manage resources in a way that they are no longer exploitable by side channels. In addition, tools that help app developers prevent leakage when writing code processing sensitive information are provided. The studied detection and prevention techniques apply to a wide range of interactions as experienced in mobile computing today. Thereby, MIST helps to secure personal information stored on mobile platforms with immediate benefits to virtually all mobile platform users. Many of the envisioned Internet of Things hubs build on the same platforms, further increasing the impact of this research.
|
TWC: Small: MIST: Systematic Analysis of Microarchitectural Information Leakage on Mobile Platforms