It's been a while since the recognition explosion they got back in 2019, but preventing side-channel attacks is still an important part of our cybersecurity. An exotic approach towards information stealing, side-channel attacks marred CPU designs from both AMD and Intel, with vulnerabilities proving severe enough that companies preferred to roll out performance-degrading patches rather than let customers operate in insecure hardware. Now, a new MIT framework by the name of Metior aims to improve the world's capability to better understand side-channel attacks and perhaps improve how to defend against them.
Metior is an analysis framework built by the Massachusetts Institute of Technology that aims to simplify hardware and software design frameworks to improve defense capabilities against known (and unknown) side-channel attacks. Essentially, Metior enables engineers to quantitatively evaluate how much information an attacker can steal with a given side-channel attack.
It's essentially a simulation sandbox, where chip designers and other engineers can find what combination of defenses maximizes their protection against side-channel attacks, according to their use-case. Because you can quantitively measure how much information is stolen, you can calculate the impact of it being stolen (according to your system and program and every other variable), which means you can now decide to bake in protections from the most impactful types of attacks.
By looking at the underlying problem - that side-channel attacks are made possible by the simple operation of a computer system, and that hardware mitigations are costly and not always overlapping - MIT managed to collate what amounts to a series of design rules.
These design rules are meant to maximize hardware-level defense against a variety of side-channel attack techniques, while also attempting to emulate them so they can be better understood. This is a departure from the slightly more haphazard defense method undertaken by companies whose products were vulnerable to side-channel attacks (such as Intel). To be fair, that approach - to provide hardware mitigations against specific side-channel attack vectors - was needed in order to stem the trust decline caused by it being vulnerable to the exploit in the first place. But those solutions are like bandages on open wounds, cost way too much performance (such as 35% on a particular Spectre-v2 vulnerability), and side-channel defense requires something more robust and multifaceted.
Speaking with SciTechDaily, Peter Deutsch, a graduate student and lead author of an open-access paper on Metior, explains that “Metior helps us recognize that we shouldn’t look at these security schemes in isolation. It is very tempting to analyze the effectiveness of an obfuscation scheme for one particular victim, but this doesn’t help us understand why these attacks work," he said. "Looking at things from a higher level gives us a more holistic picture of what is actually going on,” he concluded.
Side-channel attacks are a particularly superstitious type: through them, attackers don't even need access to any specific application logic to steal information from it, they can simply observe how it operates. How much time does it spend accessing the computers' memory? How deep was that memory flush? And remember that this happens in various components within your PC: even GPUs are vulnerable to this type of attack.
It's almost the same as putting your fingers to your wrist to feel your pulse: you can tell your heartbeat, but you're extrapolating it from other information sources; you don't need to look inside your container (your heart, body) or directly see your blood flow. Side-channel attacks generally work in the same way; attackers can steal precious information just by observing traffic and flow at key moments in a given program's operation.
You can imagine how hard and expensive it is to mask something like someone's heartbeat, and that's part of the difficulty with protecting from side-channel attacks. But typically, protection from these data-stealing attacks is secured through obfuscation: by trying to hide the computer system's equivalent to a pulse (the information passing between its memory and CPU).
So if a side-channel attack is looking for a pattern of memory accesses, for instance, one way to obfuscate that would be to change the way the program accesses memory: by making it fetch other, unnecessary memory bits, by flushing and caching through more information cycles... you name it. The goal is simply to interrupt the predictable string of bits that give side-channel attackers their needed information.
This is difficult, and costs performance, because security is being achieved by actively "scrambling" the information that's still being produced and leaked just by executing the program itself. And it also costs development dollars, because most of the techniques to scramble these "organic" computing signals need other, superfluous operations to occur in order to "obfuscate" the real patterns that attackers are looking for. Anything in computing that costs energy and computing cycles ultimately hurts performance.
“Any kind of microprocessor development is extraordinarily expensive and complicated, and design resources are extremely scarce. Having a way to evaluate the value of a security feature is extremely important before a company commits to microprocessor development. This is what Metior allows them to do in a very general way,” Emer says.
And in a very general way, it's also what every organism and organization on the planet wants to achieve: to work smarter, not harder.
