A Monitoring Framework for Side-Channel Information Leaks

Michael Lescisin, Qusay H. Mahmoud
2020, 2020 IEEE International Conference on Consumer Electronics (ICCE)
Abstract

Security and privacy in computer systems is becoming an ever more important field of study as the information available on these systems is of ever-increasing value. Research on direct security attacks against computer systems, such as exploiting memory safety errors or exploiting unfiltered inputs to shells, is at an advanced state, and a rich set of security testing tools is available for testing software against these common types of attacks. Machine-learning-based intrusion detection systems, which monitor system activity for suspicious patterns, are also available and are commonly deployed in production environments. What is missing, however, is the consideration of implicit information flows, or side-channels.

One significant factor that has been holding back development on side-channel detection and mitigation is the very broad scope of the topic. Research in this topic has revealed side-channels formed by observable signals such as acoustic noise from a CPU, encrypted network traffic patterns, and ambient monitor light. Furthermore, there currently exists no portable method for distributing test cases for side-channels, as there is for other security tests, such as recon-ng for network footprinting.

This thesis introduces a framework based on interoperable components for the purpose of modelling an adversary and generating feedback on what the adversary is capable of learning through the monitoring of a myriad of adversary-observable side-channel information sources. The framework operates by monitoring two data streams: the first is the stream of adversary-observable side-channel cues, and the second is the stream of private system activity. These data streams are ultimately used for training and evaluating a selected machine learning classifier to determine its performance at predicting private system activity. A prototype has been built to evaluate the effects of side-channel information leaks on five common computer system use cases.
doi:10.1109/icce46568.2020.9042987 dblp:conf/iccel/LescisinM20 fatcat:tedyne4qavhgvletmjhlapo7c4