»IPC - the broken dream of inherent security«
2018-10-17, 08:45–09:30, Europe

This talk presents vulnerabilities related to inter-process communication (IPC) inside the computer. These vulnerabilities allow a non-privileged process to impersonate the IPC communication endpoints and steal sensitive data of other users on the same computer, including passwords and authentication factors.

The detailed outline of the talk is as follows.

  1. Introduction and problem statement

     We first introduce the problem of communication inside computers. We then present the adversary model, in which the attacker is a non-privileged user on a multi-user computer who tries to steal information from another user. Such multi-user computers can be found in enterprises with centralized access control that gives multiple users access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable. We call this attacker “Man-in-the-Machine” (MitMa).

  2. Taxonomy of the attack surface

     In the second part of the talk, we give an overview of the local communication mechanisms that are potentially vulnerable to the MitMa attacker, including network sockets, named pipes, and Universal Serial Bus. We also discuss the attack vectors that the MitMa attacker can exploit against each mechanism.

  3. Case study

     We demonstrate how the MitMa attacks affect real-world applications by presenting vulnerabilities that we found in security-critical applications, including password managers and hardware security tokens.

  4. Live demo

     We show how easily the attacks can be carried out in practice: they do not rely on any special privileges or on the installation of a malicious app on the victim’s computer. Here, we again highlight the seriousness of such attacks in enterprise environments.

  5. Defensive mechanisms

     We discuss some defensive mechanisms against the attacks that we presented. In our view, the attacks and threat model appear to be common among many other types of applications (beyond password managers, we have many more practical examples). Hence the goal is to present a taxonomy of defense mechanisms that brings order to the concepts, rather than to cover all technical details.

  6. Conclusion

     We conclude our talk on a high and positive note: we expect the importance of IPC security to increase as operating systems strive to isolate not only users but also applications from each other.