[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.5555/2337159.2337172acmconferencesArticle/Chapter ViewAbstractPublication PagesiscaConference Proceedingsconference-collections
research-article

Side-channel vulnerability factor: a metric for measuring information leakage

Published: 09 June 2012 Publication History

Abstract

There have been many attacks that exploit side-effects of program execution to expose secret information and many proposed countermeasures to protect against these attacks. However there is currently no systematic, holistic methodology for understanding information leakage. As a result, it is not well known how design decisions affect information leakage or the vulnerability of systems to side-channel attacks.
In this paper, we propose a metric for measuring information leakage called the Side-channel Vulnerability Factor (SVF). SVF is based on our observation that all side-channel attacks ranging from physical to microarchitectural to software rely on recognizing leaked execution patterns. SVF quantifies patterns in attackers' observations and measures their correlation to the victim's actual execution patterns and in doing so captures systems' vulnerability to side-channel attacks.
In a detailed case study of on-chip memory systems, SVF measurements help expose unexpected vulnerabilities in whole-system designs and shows how designers can make performance-security trade-offs. Thus, SVF provides a quantitative approach to secure computer architecture.

References

[1]
S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 191--206, may 2010.
[2]
L. Domnitser, N. Abu-Ghazaleh, and D. Ponomarev. A predictive model for cache-based side channels in multicore and multithreaded microprocessors. In Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security, MMM-ACNS'10, pages 70--85, Berlin, Heidelberg, 2010. Springer-Verlag.
[3]
T. fu Chen and J. loup Baer. Effective hardware-based data prefetching for high-performance processors. IEEE Transactions on Computers, 44:609--623, 1995.
[4]
D. Gullasch, E. Bangerter, and S. Krenn. Cache games -- bringing access-based cache attacks on aes to practice. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 490--505, May 2011.
[5]
M. J. Hind, V. T. Rajan, and P. F. Sweeney. Phase shift detection: A problem classification, 2003.
[6]
C. K. Koc. Cryptographic Engineering. Springer Publishing Company, Incorporated, 1st edition, 2008.
[7]
P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. pages 388--397. Springer-Verlag, 1999.
[8]
J. Kong, O. Aciicmez, J.-P. Seifert, and H. Zhou. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM workshop on Computer security architectures, CSAW '08, pages 25--34, New York, NY, USA, 2008. ACM.
[9]
T. S. Messerges, E. A. Dabbish, and R. H. Sloan. Investigations of power analysis attacks on smartcards. In Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, WOST'99, pages 17--17, Berkeley, CA, USA, 1999. USENIX Association.
[10]
K. J. Nesbit and J. E. Smith. Data cache prefetching using a global history buffer. Ieee Micro, 25(1):90--97, 2004.
[11]
D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: The case of aes. In CT-RSA, pages 1--20, 2006.
[12]
D. Page. Defending against cache-based side-channel attacks. Information Security Technical Report, 8(1):30 -- 44, 2003.
[13]
C. Percival. Cache missing for fun and profit, 2005.
[14]
T. Sherwood, E. Perelman, G. Hamerly, S. Sair, and B. Calder. Discovering and exploiting program phases. Micro, IEEE, 23(6):84 -- 93, nov.-dec. 2003.
[15]
Z. Wang and R. Lee. A novel cache architecture with enhanced performance and security. In Microarchitecture, 2008. MICRO-41. 2008 41st IEEE/ACM International Symposium on, pages 83--93, nov. 2008.
[16]
Z. Wang and R. B. Lee. New cache designs for thwarting software cache-based side channel attacks. SIGARCH Comput. Archit. News, 35:494--505, June 2007.

Cited By

View all
  • (2023)ENIGMAPProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620463(4033-4050)Online publication date: 9-Aug-2023
  • (2019)Quantifying the Information Leakage in Cache Attacks via Symbolic ExecutionACM Transactions on Embedded Computing Systems10.1145/328875818:1(1-27)Online publication date: 8-Jan-2019
  • (2018)Cache-oblivious and data-oblivious sorting and applicationsProceedings of the Twenty-Ninth Annual ACM-SIAM Symposium on Discrete Algorithms10.5555/3174304.3175448(2201-2220)Online publication date: 7-Jan-2018
  • Show More Cited By
  1. Side-channel vulnerability factor: a metric for measuring information leakage

    Recommendations

    Comments

    Please enable JavaScript to view thecomments powered by Disqus.

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ISCA '12: Proceedings of the 39th Annual International Symposium on Computer Architecture
    June 2012
    584 pages
    ISBN:9781450316422
    • cover image ACM SIGARCH Computer Architecture News
      ACM SIGARCH Computer Architecture News  Volume 40, Issue 3
      ISCA '12
      June 2012
      559 pages
      ISSN:0163-5964
      DOI:10.1145/2366231
      Issue’s Table of Contents

    Sponsors

    Publisher

    IEEE Computer Society

    United States

    Publication History

    Published: 09 June 2012

    Check for updates

    Qualifiers

    • Research-article

    Conference

    ISCA '12
    Sponsor:

    Acceptance Rates

    ISCA '12 Paper Acceptance Rate 47 of 262 submissions, 18%;
    Overall Acceptance Rate 543 of 3,203 submissions, 17%

    Upcoming Conference

    ISCA '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)89
    • Downloads (Last 6 weeks)9
    Reflects downloads up to 11 Dec 2024

    Other Metrics

    Citations

    Cited By

    View all
    • (2023)ENIGMAPProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620463(4033-4050)Online publication date: 9-Aug-2023
    • (2019)Quantifying the Information Leakage in Cache Attacks via Symbolic ExecutionACM Transactions on Embedded Computing Systems10.1145/328875818:1(1-27)Online publication date: 8-Jan-2019
    • (2018)Cache-oblivious and data-oblivious sorting and applicationsProceedings of the Twenty-Ninth Annual ACM-SIAM Symposium on Discrete Algorithms10.5555/3174304.3175448(2201-2220)Online publication date: 7-Jan-2018
    • (2018)Analyzing Cache Side Channels Using Deep Neural NetworksProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274715(174-186)Online publication date: 3-Dec-2018
    • (2018)Position Paper: A case for exposing extra-architectural state in the ISAProceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy10.1145/3214292.3214300(1-6)Online publication date: 2-Jun-2018
    • (2017)Quantifying the information leak in cache attacks via symbolic executionProceedings of the 15th ACM-IEEE International Conference on Formal Methods and Models for System Design10.1145/3127041.3127044(25-35)Online publication date: 29-Sep-2017
    • (2016)Power attack defenseACM SIGARCH Computer Architecture News10.1145/3007787.300118944:3(493-505)Online publication date: 18-Jun-2016
    • (2016)Power attack defenseProceedings of the 43rd International Symposium on Computer Architecture10.1109/ISCA.2016.50(493-505)Online publication date: 18-Jun-2016
    • (2015)M2RProceedings of the 24th USENIX Conference on Security Symposium10.5555/2831143.2831172(447-462)Online publication date: 12-Aug-2015
    • (2015)AuthenticacheProceedings of the 48th International Symposium on Microarchitecture10.1145/2830772.2830814(128-140)Online publication date: 5-Dec-2015
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Media

    Figures

    Other

    Tables

    Share

    Share

    Share this Publication link

    Share on social media