A knowledgeable hacker can access confidential information, like a password, by observing how a computer program behaves, such as how much time it spends accessing memory.
Completely blocking these "side-channel attacks" is often too computationally expensive for many real-world systems. Instead, engineers typically implement obfuscation schemes that limit an attacker's ability to learn sensitive information without eliminating it. To help engineers and scientists evaluate the effectiveness of different obfuscation schemes, researchers at MIT have developed a framework called Metior.
This framework allows users to quantitatively measure the amount of information an attacker could learn from a victim program with an obfuscation scheme in place. Users can assess the level of leaked sensitive information by studying various victim programs, attacker strategies, and obfuscation scheme configurations.
This framework could benefit microprocessor developers in evaluating multiple security schemes early in the chip design process and determining which architecture shows the most promise. Peter Deutsch, the lead author of an open-access paper on Metior and a graduate student at MIT, emphasizes that viewing security schemes holistically rather than in isolation is essential. Understanding why these attacks work requires looking at things from a higher-level perspective.
Other co-authors include:
- Weon Taek Na (MIT graduate student in electrical engineering and computer science).
- Thomas Bourgeat (assistant professor at EPFL).
- Joel Emer (MIT professor of the practice in computer science and electrical engineering).
- Mengjia Yan (Assistant Professor of Electrical Engineering and Computer Science at MIT).
The research was recently presented at the International Symposium on Computer Architecture. The topic at hand is illumination obfuscation.
While there are various obfuscation schemes, popular approaches typically involve adding randomization to the victim's behavior to make it more difficult for an attacker to learn secrets. For example, an obfuscation scheme may include a program accessing additional areas of computer memory to confuse an attacker rather than only accessing the critical areas. Other approaches adjust how often a victim accesses memory or shared resources to prevent clear patterns from emerging.
Although these methods make it harder for an attacker to succeed, some information still "leaks" from the victim. Yan and her team aim to determine how much information leaks.
Previously, they developed a tool called CaSA which quantifies the amount of leaked information in one particular type of obfuscation scheme. However, with Metior, their goals were more ambitious. The team wanted to create a unified model that could analyze any obfuscation scheme, including ones that haven't been developed yet.
To achieve this goal, they designed Metior to map the flow of information through an obfuscation scheme into random variables. For instance, the model mathematically represents how a victim and attacker access shared structures on a computer chip (such as memory).
Once Metior derives this mathematical representation, it uses techniques from information theory to understand how the attacker can learn information from the victim. With these elements in place, Metior can quantify the likelihood of an attacker successfully guessing the victim's secret information.
"We take all of the intricate elements of this microarchitectural side-channel and reduce them essentially into a math problem," Deutsch explains. "Once we accomplish that, we gain insight into different strategies and better understand how small adjustments can enhance defense against information leaks."
Using Metior, they conducted three case studies comparing attack strategies and analyzing information leakage from state-of-the-art obfuscation schemes.
Through their evaluations, the researchers discovered that Metior could uncover previously unknown exciting behaviors. For example, one analysis revealed that a type of side-channel attack called probabilistic prime and probe was believed to be successful due to its complex nature.
However, using Metior, it was determined that this advanced attack is no more effective than a simple attack and targets different victim behaviors than initially thought.
Moving forward, the researchers intend to enhance Metior further to analyze even the most complicated obfuscation schemes efficiently. They also plan to explore different obfuscation techniques and types of victim programs and conduct in-depth analyses of popular defense mechanisms. Ultimately, their goal is to inspire others to adopt microarchitectural security evaluation methodologies during the chip design.
According to Emer, evaluating the value of a security feature before committing to microprocessor development is crucial due to its high cost and complexity.
The researchers believe that Metior provides a valuable solution for this purpose.
This research project receives funding from various sources, including the National Science Foundation, Air Force Office of Scientific Research, Intel, and MIT RSC Research Fund.