tailieunhanh - Peeping Tom in the Neighborhood: Keystroke Eavesdropping on Multi-User Systems

In this paper, we show that such seemingly minor information leaks can have more serious consequences than the system designer thought. We present a new at- tack in which a malicious user can eavesdrop on others’ keystrokes using nothing but her non-privileged account. Our attack takes advantage of the information disclosed by procfs [19], the process file system supported by most Unix-like operating systems such as Linux, BSD, Solaris and IBM AIX. Procfs contains a hierarchy of virtual files that describe the current kernel state, including statistical information about the memory of processes and some of their register values. These files are used by the programs like ps and top to collect. | Peeping Tom in the Neighborhood Keystroke Eavesdropping on Multi-User Systems Kehuan Zhang Indiana University Bloomington kehzhang@indiana. edu XiaoFeng Wang Indiana University Bloomington xw 7@indiana. edu Abstract A multi-user system usually involves a large amount of information shared among its users. The security implications of such information can never be underestimated. In this paper we present a new attack that allows a malicious user to eavesdrop on other users keystrokes using such information. Our attack takes advantage of the stack information of a process disclosed by its virtual file within procfs the process file system supported by Linux. We show that on a multi-core system the ESP of a process when it is making system calls can be effectively sampled by a shadow program that continuously reads the public statistical information of the process. Such a sampling is shown to be reliable even in the presence of multiple users when the system is under a realistic workload. From the ESP content a keystroke event can be identified if they trigger system calls. As a result we can accurately determine inter-keystroke timings and launch a timing attack to infer the characters the victim entered. We developed techniques for automatically analyzing an application s binary executable to extract the ESP pattern that fingerprints a keystroke event. The occurrences of such a pattern are identified from an ESP trace the shadow program records from the application s runtime to calculate timings. These timings are further analyzed using a Hidden Markov Model and other public information related to the victim on a multi-user system. Our experimental study demonstrates that our attack greatly facilitates password cracking and also works very well on recognizing English words. 1 Introduction Multi-user operating systems and application software have been in use for decades and are still pervasive today. Those systems allow concurrent access by multiple users so as to .

• Internet Marketing
• Risk associated
• Removal of unsystematic
• Building and management
• estate portfolios
• Market specific
• economic research
• Risk factors and geriatric
• Risk factors
• Prevalence of diabetes
• Associated risk factors
• Elderly rural population
• Socio economic status
• Risk factors and Tamil Nadu
• Risk factors associated
• Prevalence of bovine brucellosis
• Milk from Tamil Nadu
• Identification of risk factors
• Buffalo calves
• Potential risk factors associated
• Buffalo calves raised
• Smallholder farms in Egypt
• Toxoplasma gondii
• Saudi arabia
• Toxoplasmosis among females
• Hoof disorders
• Crossbred dairy cattle
• Field conditions
• Incidence of hoof disorders
• Soil transmitted Helminthes
• Soil transmitted helminthic infection
• Children in a teaching hospital
• Formalin ethyl acetate solution
• Are time preference
• Risk preference associated
• Cognitive intelligence
• Emotional intelligent
• Reality makes it easier
• BMC Pediatrics
• Cord blood
• Vitamin D
• Associated outcome
• Maternal risk factors
• Pre discharge clinical
• BMC Pharmacology and Toxicology
• Spasmolytic drug
• Treat abdominal pain
• Rhabdomyolysis associated
• Fenoverine prescription
• Mechanical ventilation
• Ventilator associated pneumonia
• SRM medical college hospital
• A study under HICC
• Associated risk factors analysis
• Serum sample of bovines
• Serum sample
• First established early
• Ventilator associated tracheobronchitis
• Endotracheal aspirates
• Predisposing risk factors
• Drug resistance
• Financial holding companies
• Whole operational value
• Financial risk
• Value at risk
• Value risk relation model
• BMC Cancer
• Social marketing
• Selected cancer risk factors
• Cancer protective behaviours
• Master's thesis of Engineering
• Master's thesis
• Adverse events
• Risk management
• Medical error
• Clinical risk management literature
• Demographic data
• Antibiotic profile
• Molecular characterisation
• Carbapenem resistant non fermentative
• Gram negative bacteria
• Vietnam Journal of Science and Technology
• Occurrence of PAHs
• The atmosphere and incense burning area
• Health risk assessment
• Toxic equivalent factor
• Incremental lifetime cancer risk
• Hematogenous and lymphatic metastasis
• Lymphovascular space invasion
• Tumor stroma
• Cancer associated fibroblast
• Ovarian cancer
• Obesity associated gene
• Pancreatic cancer
• Genome wide association
• Fat mass
• BMC Musculoskeletal Disorders
• Acute whiplash associated disorders
• Whiplash injury
• Pain related disability
• BMC Pulmonary Medicine
• Associated factors
• Atopic sensitization
• Respiratory symptoms
• Stuffed furniture
• Intensive care units
• Pneumonia poses
• Health care system
• Pneumonia associated
• Severe pneumonia
• BMC Genomics
• Rugby union
• Rugby league
• Single nucleotide
• Rugby athletes
• BMC Anesthesiology
• Contrast associated acute kidney injury
• Intensive care unit
• RIFLE classification
• End stage kidney diseas
• Scientific reports
• scientific research
• biochemistry
• Mutations in the tumor suppressor breast cancer susceptibility gene 1 (BRCA1)
• an important player in the DNA damage response
• apoptosis
• cell cycle regulation and transcription
• confer a significantly elevated life time risk for breast and ovarian cancer