Visible to the public A Monitoring Framework for Side-Channel Information Leaks

TitleA Monitoring Framework for Side-Channel Information Leaks
Publication TypeConference Paper
Year of Publication2020
AuthorsLescisin, M., Mahmoud, Q. H.
Conference Name2020 IEEE International Conference on Consumer Electronics (ICCE)
Date PublishedJan. 2020
PublisherIEEE
ISBN Number978-1-7281-5186-1
Keywordsclassical exploitation techniques, command injection attacks, composability, computer engineering, computer network security, computer systems, cryptography, data privacy, exploitation framework, indirect means, injection tools, known design patterns, learning (artificial intelligence), memory corruption, Metrics, monitor ambient light, monitoring framework, penetration testing tools, popular memory safety, privacy, private information, program security requirements, pubcrawl, recent computer security research, resilience, Resiliency, sensitive information, side-channel detection, side-channel information leaks, side-channel research, side-channel sources
Abstract

Security and privacy in computer systems has always been an important aspect of computer engineering and will continue to grow in importance as computer systems become entrusted to handle an ever increasing amount of sensitive information. Classical exploitation techniques such as memory corruption or shell command injection have been well researched and thus there exists known design patterns to avoid and penetration testing tools for testing the robustness of programs against these types of attacks. When it comes to the notion of program security requirements being violated through indirect means referred to as side-channels, testing frameworks of quality comparable to popular memory safety or command injection tools are not available. Recent computer security research has shown that private information may be indirectly leaked through side-channels such as patterns of encrypted network traffic, CPU and motherboard noise, and monitor ambient light. This paper presents the design and evaluation of a side-channel detection and exploitation framework that follows a machine learning based plugin oriented architecture thus allowing side-channel research to be conducted on a wide-variety of side-channel sources.

URLhttps://ieeexplore.ieee.org/document/9042987
DOI10.1109/ICCE46568.2020.9042987
Citation Keylescisin_monitoring_2020