Side-channel attacks, a class of attacks that exploit a shared microarchitectural state between a victim and an attacker, present a large threat to the security of shared computing systems. Through such attacks, an attacker can steal secrets from a victim by observing visible contention on shared microarchitectural structures, including caches, memory controllers, on-chip networks, and functional units. A significant research challenge is the quantitative study of the security effectiveness of these schemes, identifying whether these obfuscating schemes help increase the security level of a system and, if so, by how much.
In a new study, MIT scientists addressed this challenge by introducing Metior, a framework to quantitatively evaluate how much information an attacker could learn from a victim program with an obfuscation scheme in place. Their framework enables the user to investigate the impact of various victim programs, attacker tactics, and obfuscation scheme configurations on the volume of sensitive data leakage. The framework could be used by engineers who create microprocessors to assess the efficacy of various security protocols and identify the most promising architecture at an early stage of chip design.
According to scientists, the framework helped them realize that they shouldn’t look at these security schemes in isolation. Although evaluating an obfuscation technique’s success for a specific victim is alluring, doing so doesn’t advance the understanding of why these attacks succeed. When viewing things from a higher perspective, we may see the bigger picture of what is happening.
With Metior, scientists wanted a unified model to analyze any obfuscation scheme. To achieve that goal, they designed Metior to map the flow of information through an obfuscation scheme into random variables.
The framework, One Metior, uses methods from information theory to comprehend how an attacker might be able to get information from a victim. With those components in place, Metior can calculate the likelihood that an attacker will correctly guess the victim’s confidential information.
Peter Deutsch, a graduate student and lead author of an open-access paper on Metior, said, “We take all of the nitty-gritty elements of this microarchitectural side-channel and map it down to a math problem. Once we do that, we can explore many strategies and better understand how making small tweaks can help you defend against information leaks.”
To evaluate attack tactics and examine information loss from cutting-edge obfuscation systems, they used Metior in three case studies. Through their analyses, they learned how Metior could spot intriguing behaviors that weren’t fully understood.
As an illustration, a previous investigation found that a particular kind of side-channel attack known as probabilistic prime and probe was successful because this complex attack involves a first stage where it profiles a victim system to comprehend its defenses.
The researchers hope to keep improving Metior so that the framework can analyze even very complex obfuscation strategies more effectively going forward. They also want to research different victim programs and other forms of obfuscation, and they want to investigate the most common defenses in greater detail.
Journal Reference:
- Peter W. Deutsch, Weon Taek Na, Thomas Bourgeat, Joel S. Emer, Mengjia Yan. Metior: A Comprehensive Model to Evaluate Obfuscating Side-Channel Defense Schemes. Paper