The Community for Technology Leaders
RSS Icon
Issue No.03 - May-June (2013 vol.33)
pp: 68-77
John Demme , Columbia University
Robert Martin , Columbia University
Adam Waksman , Columbia University
Simha Sethumadhavan , Columbia University
User inputs tend to change the execution characteristics of applications including their interactions with cache, network, storage, and other systems. Many attacks have exploited the observable side effects of these execution characteristics to expose sensitive information. In response, researchers have proposed countermeasures to protect against these attacks. However there is currently no systematic, holistic methodology for understanding information leakage. As a result, it is not well known how design decisions affect information leakage or the vulnerability of entire systems to side-channel attacks. The authors propose a metric for measuring information leakage called the Side-channel Vulnerability Factor (SVF). The SVF is based on the observation that all side-channel attacks—ranging from physical to microarchitectural to software—rely on recognizing leaked execution patterns. The SVF quantifies patterns in attackers' observations and measures their correlation to the victim's actual execution patterns and in doing so captures systems' predisposition to leak information. Thus, the SVF provides a quantitative approach to securing computer architecture.
Computer architecture, Encryption, Data models, Pattern recognition, Microarchitecture, Information technology, Memory management, System performance, hardware, systems architecture, integration, modeling, data encryption, data, systems and information theory, models and principles, information technology and systems, memory structures
John Demme, Robert Martin, Adam Waksman, Simha Sethumadhavan, "A Quantitative, Experimental Approach to Measuring Processor Side-Channel Security", IEEE Micro, vol.33, no. 3, pp. 68-77, May-June 2013, doi:10.1109/MM.2013.23
1. Y. Zhang et al., "Cross-VM Side Channels and Their Use to Extract Private Keys," Proc. 2012 ACM Conf. Computer and Communications Security (CCS 12), ACM, 2012, pp. 305-316.
2. S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards, Springer, 2007.
3. C. Percival, "Cache Missing for Fun and Profit," Proc. BSDCan 05, 2005;
4. D.A. Osvik, A. Shamir, and E. Tromer, "Cache Attacks and Countermeasures: The Case of AES," Proc. Cryptographers' Track at the RSA Conf. Topics in Cryptology (CT-RSA 06), Springer, 2006.
5. D. Gullasch, E. Bangerter, and S. Krenn, "Cache Games—Bringing Access-Based Cache Attacks on AES To Practice," Proc. IEEE Symp. Security and Privacy (SP 11), IEEE, 2011, pp. 490-505.
6. J. Demme et al., "Side-Channel Vulnerability Factor: A Metric for Measuring Information Leakage," Proc. 39th Int'l Symp. Computer Architecture (ISCA 12), IEEE, 2012, pp. 106-117.
7. T. Sherwood et al., "Discovering and Exploiting Program Phases," IEEE Micro, vol. 23, no. 6, 2003, pp. 84-93.
3 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool