NATIONAL SCIENCE FOUNDATION Award 1619450 to Qian, Zhiyun: TWC: Small: Cache-based Side Channel Attacks on Smartphone graphics Buffers: New Vulnerabilties and Defenses

Zhiyun Qian
Professor
Computer Science & Engineering
zhiyunq@ucr.edu
(951) 827-6438

UCR Grants Archive

TWC: Small: Cache-based Side Channel Attacks on Smartphone graphics Buffers: New Vulnerabilties and Defenses

AWARD NUMBER

008478-003

FUND NUMBER

33297

STATUS

Active

AWARD TYPE

3-Grant

AWARD EXECUTION DATE

7/20/2016

BEGIN DATE

10/1/2016

END DATE

9/30/2019

AWARD AMOUNT

$16,000

Sponsor Information

SPONSOR AWARD NUMBER

1619450

SPONSOR

NATIONAL SCIENCE FOUNDATION

SPONSOR TYPE

Federal

FUNCTION

Organized Research

PROGRAM NAME

Proposal Information

PROPOSAL NUMBER

16050523

PROPOSAL TYPE

New

ACTIVITY TYPE

Basic Research

PI Information

Qian, Zhiyun

PI TITLE

Other

PI DEPTARTMENT

Computer Science & Engineering

PI COLLEGE/SCHOOL

Bourns College of Engineering

CO PIs

Abu-Ghazaleh, Nael;

Project Information

ABSTRACT

Touch screens on smart mobile devices such as cell phones or tablets allow both user input (touch events) and display output. For a touch screen to function, the mobile device stores input and display data in a graphics buffer internal to the device. The researchers have discovered that a malicious application running on the mobile device could silently monitor characteristics of the graphics buffer to identify the alphanumeric characters that the user types into the touch keyboard or information displayed on the screen. The malicious application could then send that information to a third party, violating the confidentiality of the user's input or output. This project is assessing the feasibility of attacks on the graphics buffer and studying characteristics of graphics buffer vulnerabilities. The researchers are developing software- and hardware-based defenses to mitigate such vulnerabilities.

The researchers are studying attacks that use a CPU cache-based side channel, a technique for deriving the access pattern of a process from another process, to identify which locations on the screen are being modified, allowing the attacker to gain information about user I/O activity such as data being typed on a keyboard. Prior work on cache-based side channel attacks and defenses has focused on cryptographic algorithms where the critical data has a small memory footprint, and is read-only. In contrast, graphics buffers are extremely large (on the order of MBytes), and are both read and written to, requiring new approaches for attacks and defenses. The project is studying how such attacks might be generalized, as well as the extent of feasible resolution and precision. Finally, the researchers are designing countermeasures, considering security, performance overhead, complexity, and impact on the core process pipeline and caches.

(Abstract from NSF)