The new approach developed at MIT evaluates the potential for an adversary to circumvent a given security mechanism in order to steal confidential data.
To calculate how much sensitive data an attacker may extract from a computer program, researchers have developed a way to simulate how easily a hacker could get around a specific cybersecurity technique.
A skilled hacker can figure out sensitive data like a password by monitoring a program’s actions, such as how long it takes the program to access memory.
The computing costs of security measures that fully prevent these “side-channel attacks” make them impractical for many practical systems. Instead, obfuscation strategies are used by engineers to reduce an attacker’s capacity to discover sensitive information but not completely.
Engineers and scientists can benefit from a framework developed by MIT researchers to objectively evaluate the amount of information an attacker could learn from a victim program using different obfuscation strategies.
Metior is their methodology for investigating the effects of varying victim programs, attacker techniques, and obfuscation scheme settings on the volume of leakage. In the early stages of chip design, the framework might be used by engineers to assess the efficacy of several security schemes and select the most promising architecture.
We shouldn’t evaluate these security methods in a vacuum, and Metior shows us why. While it’s easy to focus on the success of an obfuscation method for a single victim, doing so provides no insight into the underlying mechanisms at play in these kinds of attacks. Graduate student and principal author of an open-access work on Metior Peter Deutsch argues that taking a bird’s eye view of the situation helps us see the big picture.
Weon Taek Na, a graduate student in EECS at MIT, Thomas Bourgeat, an assistant professor at EPFL, Joel Emer, a professor of the practice in EECS and computer science at MIT, and Mengjia Yan, the Homer A. Burnell Career Development Assistant Professor of EECS at MIT and a member of Deutsch’s research group, all contributed to the paper. At last week’s International Symposium on Computer Architecture, the findings were unveiled.
Illuminating obfuscation
Many different obfuscation strategies exist, but the most common ones make it more difficult for an attacker to discover secrets by introducing randomness into the victim’s behavior. As an illustration, an obfuscation method could have a program access more memory than it needs to in order to throw off an attacker. Others modify a victim’s access patterns to memory or a shared resource to make it more difficult for an attacker to discern clear patterns.
This makes it more difficult for an attacker to succeed, yet the victim’s information still “leaks” in some way. Yan and her group are eager to learn the exact figure.
CaSA was a tool they’d created to measure the data loss caused by a specific obfuscation technique. However, they aimed higher with Metior. The group’s goal was to arrive at a uniform model that could be used to evaluate any obfuscation technique, including those that haven’t been created yet.
Metior was developed to accomplish this by randomly mapping the information transmission in an obfuscation strategy. For instance, the model provides a formalization of the ways in which a victim and an attacker share the same memory or other components of a computer chip.
That mathematical model is derived by One Metior, a framework that makes use of information-theoretic methods to comprehend how an attacker can get knowledge about a victim. Metior can then calculate the likelihood that an attacker will correctly guess the victim’s secret information given those parameters.
We reduce the complexities of this microarchitectural side-channel to a mathematical equation. Once we do so, Deutsch adds, “we’ll be able to investigate a wide range of tactics and develop a deeper comprehension of how subtle adjustments might bolster your defenses against data leaks.
Surprising insights
In three case studies, they used Metior to examine the efficacy of modern obfuscation techniques and the extent to which information was leaked during an attack. By evaluating it, they saw how Metior can pick up on novel behaviors that haven’t been properly explored before.
An example of a successful side-channel assault is the probabilistic prime and probe attack, which profiles the victim system in order to learn its defenses before launching the actual attack.
By utilizing Metior, they demonstrate that this sophisticated attack is no more effective than a basic generic one and that it takes advantage of victim behavior in ways that have been overlooked by researchers.
In the future, the team hopes to further improve Metior to the point that it can effectively evaluate even the most complex obfuscation strategies. More research into the most common protections is also desired, as is investigation into new forms of obfuscation and victim software kinds.
Researchers expect their results will encourage others to look into early-stage chip design microarchitectural security evaluation approaches.
“Microprocessor development of any kind is exceedingly difficult, time-consuming, and costly, and there is a severe lack of available design resources. Before investing time and money into developing a microprocessor, it is crucial for a corporation to be able to assess the value of a security feature. Emer explains that this is made possible by Metior in a broad sense.