TWC: TTP Option: Small: Differential Introspective Side Channels --- Discovery, Analysis, and Defense

TWC：TTP 选项：小：差异内省侧通道 --- 发现、分析和防御

• 批准号: 1526455
• 负责人: Zhuoqing Mao
• 金额: $ 60.53万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526455&HistoricalAwards=false
• 关键词: TWC; TTP; Option; Small; Differential

Side channels in the security domain are known to be challenging to discover and eliminate systematically. Nevertheless, they can lead to a variety of stealthy attacks seriously compromising cybersecurity. This work focuses on an important class of side channels that are fundamental to the operations of networked systems. Rather than constantly reacting to newly discovered side channels because of security breaches with ad-hoc patches, this work enables the automated discovery of an important class of side channels that exist due to the inherent goal of exposing information to enable debugging and management of computing systems. This project is expected to bring a paradigm shift to the security area of side channel investigation that can bring significant economic benefits of preventing a diverse set of cyberattacks. This project also has important educational and workforce training benefits for both undergraduate and graduate students, in addition to the broader dissemination of the findings through applicable standards processes to ensure operational adoption.This research investigates an entirely new class of side channel attacks against networked systems such as network stacks that can lead to significant damage to user privacy, network security, and application integrity. An example feature about this class of attacks is the requirement of actively injecting carefully crafted and potentially incorrect events to trigger error conditions in a program so as to reveal their internal sensitive states, which can indirectly expose critical information. Interestingly, the attacks are inherent byproducts of network and operating system design and implementation, which are fundamentally hard to modify. In contrast to other well-known side channels that can be directly observed through passive monitoring, e.g., power and timing, this class of side channels is much more subtle to discover and also more challenging to defend against. The proposed security work helps introduce a more rigorous approach to discovering a new class of side channels, that have direct impact on the security assurance of both small systems such as mobile devices as well as large network systems such as enterprise networks. This research develops methods to systematically and rigorously detect and eliminate such side channels by leveraging both program analysis and network measurement science. The investigation to understand the tradeoffs between security guarantee and manageability of network systems leads to more practical and usable security solutions that can be deployed in practice.

众所周知，安全域中的侧通道很难系统地发现和消除。然而，它们可能导致各种秘密攻击，严重损害网络安全。这项工作重点关注一类重要的侧通道，它们对于网络系统的操作至关重要。这项工作不是因为临时补丁的安全漏洞而不断地对新发现的侧通道做出反应，而是能够自动发现一类重要的侧通道，这些侧通道的存在是由于公开信息以实现计算系统的调试和管理的固有目标。 。该项目预计将为侧通道调查的安全领域带来范式转变，从而在防止各种网络攻击方面带来显着的经济效益。除了通过适用的标准流程更广泛地传播研究结果以确保操作采用之外，该项目还为本科生和研究生带来了重要的教育和劳动力培训好处。这项研究调查了针对网络系统的全新一类侧信道攻击，例如作为网络堆栈，可能会对用户隐私、网络安全和应用程序完整性造成重大损害。此类攻击的一个示例特征是需要主动注入精心设计的可能不正确的事件来触发程序中的错误条件，从而揭示其内部敏感状态，从而间接暴露关键信息。有趣的是，这些攻击是网络和操作系统设计和实现的固有副产品，从根本上来说很难修改。 与其他众所周知的可以通过被动监控直接观察到的侧信道（例如功率和时序）相比，此类侧信道更难以发现，也更难以防御。 所提出的安全工作有助于引入更严格的方法来发现新型侧通道，这对移动设备等小型系统以及企业网络等大型网络系统的安全保证有直接影响。这项研究开发了利用程序分析和网络测量科学系统地、严格地检测和消除此类侧信道的方法。 通过研究了解网络系统的安全保障和可管理性之间的权衡，可以得出更实用、更可用的安全解决方案，可以在实践中部署。