A Monitoring Framework for Side-Channel Information Leaks
Title | A Monitoring Framework for Side-Channel Information Leaks |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Lescisin, M., Mahmoud, Q. H. |
Conference Name | 2020 IEEE International Conference on Consumer Electronics (ICCE) |
Date Published | Jan. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-5186-1 |
Keywords | classical exploitation techniques, command injection attacks, composability, computer engineering, computer network security, computer systems, cryptography, data privacy, exploitation framework, indirect means, injection tools, known design patterns, learning (artificial intelligence), memory corruption, Metrics, monitor ambient light, monitoring framework, penetration testing tools, popular memory safety, privacy, private information, program security requirements, pubcrawl, recent computer security research, resilience, Resiliency, sensitive information, side-channel detection, side-channel information leaks, side-channel research, side-channel sources |
Abstract | Security and privacy in computer systems has always been an important aspect of computer engineering and will continue to grow in importance as computer systems become entrusted to handle an ever increasing amount of sensitive information. Classical exploitation techniques such as memory corruption or shell command injection have been well researched and thus there exists known design patterns to avoid and penetration testing tools for testing the robustness of programs against these types of attacks. When it comes to the notion of program security requirements being violated through indirect means referred to as side-channels, testing frameworks of quality comparable to popular memory safety or command injection tools are not available. Recent computer security research has shown that private information may be indirectly leaked through side-channels such as patterns of encrypted network traffic, CPU and motherboard noise, and monitor ambient light. This paper presents the design and evaluation of a side-channel detection and exploitation framework that follows a machine learning based plugin oriented architecture thus allowing side-channel research to be conducted on a wide-variety of side-channel sources. |
URL | https://ieeexplore.ieee.org/document/9042987 |
DOI | 10.1109/ICCE46568.2020.9042987 |
Citation Key | lescisin_monitoring_2020 |
- monitor ambient light
- side-channel sources
- side-channel research
- side-channel information leaks
- side-channel detection
- sensitive information
- Resiliency
- resilience
- recent computer security research
- pubcrawl
- program security requirements
- private information
- privacy
- popular memory safety
- penetration testing tools
- monitoring framework
- classical exploitation techniques
- Metrics
- memory corruption
- learning (artificial intelligence)
- known design patterns
- injection tools
- indirect means
- exploitation framework
- data privacy
- Cryptography
- computer systems
- computer network security
- Computer Engineering
- composability
- command injection attacks