{"title":"Side channel vulnerability metrics: the promise and the pitfalls","authors":"Tianwei Zhang, Fangfei Liu, Si Chen, R. Lee","doi":"10.1145/2487726.2487728","DOIUrl":null,"url":null,"abstract":"Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors. It is desirable to have a general quantitative method and metric to evaluate a system's vulnerability to side-channel attacks.\n In this paper, we define the features of a good side-channel leakage metric. We review a recently proposed metric called the Side-channel Vulnerability Factor (SVF) and discuss its merits and issues. We suggest the CSV metric, which tries to show how to overcome some of the shortcomings of the SVF metric, without completely changing its character. We use software cache side-channel attacks and defenses as an example to compare the metrics with known and measurable results on system leakiness.","PeriodicalId":141766,"journal":{"name":"Hardware and Architectural Support for Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"37","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hardware and Architectural Support for Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2487726.2487728","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 37
Abstract
Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors. It is desirable to have a general quantitative method and metric to evaluate a system's vulnerability to side-channel attacks.
In this paper, we define the features of a good side-channel leakage metric. We review a recently proposed metric called the Side-channel Vulnerability Factor (SVF) and discuss its merits and issues. We suggest the CSV metric, which tries to show how to overcome some of the shortcomings of the SVF metric, without completely changing its character. We use software cache side-channel attacks and defenses as an example to compare the metrics with known and measurable results on system leakiness.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
