A group of researchers from the Massachusetts Institute of Technology (MIT) has devised a framework for evaluating the effectiveness of some side-channel mitigation schemes against data leaks.
Named Metior (PDF), the framework provides a view of how programs, attacker techniques, and obfuscation scheme configurations may impact the amount of data that can be leaked via side-channel attacks.
“Metior builds upon existing information theoretic approaches, allowing for the comprehensive side-channel leakage evaluation of active attackers, real victim applications, and state-of-the-art microarchitectural obfuscation schemes,” the researchers explain.
Side-channel attacks target shared microarchitectural structures to access sensitive information, and are often mitigated through obfuscation schemes (including randomly mapped cache, memory traffic obfuscation, and degrading attacker timing granularities), altering the microarchitectural footprint to make it more difficult for the attacker to leak secrets.
Metior, which is meant to evaluate these defenses, can be used with a variety of microarchitectural obfuscation schemes, courtesy of a random variable model that incorporates both victim and attacker access patterns to shared structures on a chip, to map the flow of information through the scheme.
The researchers have used the framework to test fully-associative random replacement caches when protecting AES against cache occupancy attacks, Skewed-CEASER schemes against probabilistic prime and probe (PPP) and cache occupancy attacks, and Camouflage, an obfuscation scheme that targets ephemeral channels.
According to the researchers, Metior can be used to identify behaviors that were not fully understood before, such as the fact that, under certain configurations, a PPP attack works by exploiting cache occupancy effects instead of relying on targeted collisions.
“Metior offers key contributions in describing the side-channel information flow through these schemes for wide classes of attacks, including those which leverage both persistent and ephemeral side-channels. By extending existing work from information theory to quantify this flow, we have shown that Metior reveals interesting leakage behaviors of state-of-the-art obfuscating schemes,” the researchers note.