Threat potential assessment of power management related data leaks

Author / Producer

Date

2020

Publication Type

Doctoral Thesis

ETH Bibliography

yes

Abstract

Modern computing systems rely heavily on power management to accomplish two main tasks: (i) efficient use of the available energy resources and (ii) protection of the device from damage caused by exceeding its physical limits. The power management system tries to achieve these two goals by enacting policies that at the same time aim to minimise the performance penalty experienced by the user. To do so, it relies on system utilisation and on device characteristics such as thermal behaviour, power dissipation and operating frequency. There is therefore a link between the execution of applications and these power-management-related device characteristics.

Due to the high computing power available, devices are increasingly shared among multiple application domains or multiple users. For example, a smartphone might be used for both private and business applications, or multiple users might reside on the same physical server. To guarantee the security of confidential data in such a shared setup, data and application-dependent information must be confined: confidential information must not be revealed to third parties without the consent of the data owner. Researchers have therefore increased their efforts to develop security frameworks that enforce this confinement, for example by using virtualisation techniques. However, data leaks based on shared resources pose a major threat to such security frameworks. Since the behaviour of the power management system influences all application or user domains on a device, the power management system must be regarded as a potential source of such data leaks.

While the research community has increased its focus on side and covert channel attacks, several challenges related to these attacks remain. For instance, executing a data leak analysis in a reproducible, comparable and exhaustive fashion requires substantial investments of time and engineering resources. This is because data leaks are caused by the interplay of different system components, which makes them difficult to detect, reproduce and analyse on different devices. A methodology is therefore needed that supports reproducible, comparable and expressive analysis results, together with tools that reduce the effort of executing an exhaustive data leak analysis. Furthermore, while many data leaks have been discovered in recent years, little attention has been given to the security implications of power management in multicore systems.

In this thesis, we attempt to solve these challenges and investigate the threat potential of power management related data leaks in multicore systems. We summarise the main contributions as follows:

* We define a novel methodology to analyse covert channels exhaustively. This methodology helps to derive expressive metrics for assessing the threat potential of covert channels. Furthermore, we are the first to provide a measurement automation toolkit which implements the methodology. Due to its design, this toolkit allows us to apply the methodology to a variety of target platforms.
* We outline a novel procedure to derive upper channel capacity bounds for continuous covert channels. Furthermore, compared to previous work, we improve the throughput of thermal covert channels in multicore systems by applying a more sophisticated communication scheme.
* We are the first to analyse the power covert channel in current multicore systems exhaustively. In addition, we illustrate the derivation of upper channel capacity bounds for such discrete covert channels.
* We present a communication model and provide an in-depth analysis of the frequency covert channel. Moreover, we are the first to use a Recurrent Neural Network (RNN) for symbol decoding in a frequency covert channel setup.
* We establish a novel side channel attack based on system temperatures to extract runtime information from mobile devices. This side channel attack uses Neural Network time-sequence labelling models. Furthermore, we present a method for thermal data augmentation to reduce the measurement effort needed to generate a suitable training data set.

The presented methods and findings are based on extensive experimental evaluations. We publish the tools used in these experiments and the acquired data along with this thesis to support the comparability and reproducibility of our results.
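The abstract reports upper channel capacity bounds for discrete covert channels (the power covert channel) as one way of turning measurements into an expressive threat metric. The block below is an added illustration of that idea and is not code or data from the thesis: it estimates a transition matrix from paired sent/received symbol sequences, runs the standard Blahut-Arimoto algorithm (an assumed, generic method, not the thesis's own derivation procedure) to bracket the channel capacity in bits per symbol, and scales the result by an assumed symbol rate to a bits-per-second bound. The 4-level channel model, its confusion probability and the symbol traces are constructed here for the example.

```python
"""Channel-capacity bound for a discrete covert channel from paired symbols.

Added illustration, not code from the thesis. The Blahut-Arimoto algorithm is
an assumed generic method; the channel model and symbol traces are constructed.
"""
from collections import Counter
from math import log2
import random


def transition_matrix(sent, received, n_symbols):
    """Empirical P(received | sent): the confusion matrix normalised per row."""
    counts = Counter(zip(sent, received))
    rows = []
    for x in range(n_symbols):
        total = sum(counts[(x, y)] for y in range(n_symbols))
        if total == 0:
            raise ValueError(f"symbol {x} was never sent; cannot estimate its row")
        rows.append([counts[(x, y)] / total for y in range(n_symbols)])
    return rows


def blahut_arimoto(W, iterations=1000, tolerance=1e-10):
    """Capacity in bits/symbol of a discrete memoryless channel W[x][y] = P(y|x).

    Returns (lower, upper). After every iteration the true capacity lies between
    the two, so `upper` is a certified upper bound even if the loop stops early.
    """
    nx, ny = len(W), len(W[0])
    p = [1.0 / nx] * nx                       # start from a uniform input distribution
    lower = upper = 0.0
    for _ in range(iterations):
        # output distribution induced by the current input distribution
        q = [sum(p[x] * W[x][y] for x in range(nx)) for y in range(ny)]
        # c[x] = 2 ** D(W(.|x) || q): how much information input x carries
        c = []
        for x in range(nx):
            d = sum(W[x][y] * log2(W[x][y] / q[y]) for y in range(ny) if W[x][y] > 0)
            c.append(2 ** d)
        s = sum(p[x] * c[x] for x in range(nx))
        lower, upper = log2(s), log2(max(c))
        if upper - lower < tolerance:
            break
        p = [p[x] * c[x] / s for x in range(nx)]   # re-weight towards informative inputs
    return lower, upper


def bits_per_second(capacity_bits_per_symbol, symbol_rate_hz):
    """Scale a per-symbol capacity to a throughput bound at a given symbol rate."""
    return capacity_bits_per_symbol * symbol_rate_hz


def bsc(error_rate):
    """Binary symmetric channel; its capacity is 1 - H(error_rate) bits/symbol."""
    return [[1 - error_rate, error_rate], [error_rate, 1 - error_rate]]


def simulate_channel(n_symbols, confusion, n=20000, seed=7):
    """Constructed sample traces (not measurements): sent symbols and what a
    receiver observed. A sender signals one of n_symbols levels (e.g. distinct
    power states); the receiver misreads a level as the neighbouring one with
    probability `confusion` per direction, clipped to the valid range."""
    rng = random.Random(seed)
    sent, received = [], []
    for _ in range(n):
        x = rng.randrange(n_symbols)
        r = rng.random()
        if r < confusion:
            y = max(x - 1, 0)
        elif r < 2 * confusion:
            y = min(x + 1, n_symbols - 1)
        else:
            y = x
        sent.append(x)
        received.append(y)
    return sent, received


if __name__ == "__main__":
    sent, received = simulate_channel(n_symbols=4, confusion=0.1)
    W = transition_matrix(sent, received, 4)
    lo, hi = blahut_arimoto(W)
    print(f"capacity bound: {lo:.4f} .. {hi:.4f} bits/symbol")
    # assumed symbol rate of 2 symbols/s for the bits-per-second comparison figure
    print(f"throughput bound at 2 Hz: {bits_per_second(hi, 2):.3f} bit/s")
```

The upper bound from the last iteration is the figure to quote when comparing channels, since it cannot understate what the channel can carry; the measured symbol rate, not the raw error rate, decides how that per-symbol capacity translates into leaked bits per second.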

Publication status

published

Contributors

Examiner: Thiele, Lothar
Examiner: Atienza, David

Publisher

ETH Zurich

Subject

Power Management; Security; Covert channels; Side channel

Organisational unit

03429 - Thiele, Lothar (emeritus)

Funding

644080 - SAFety and secURity by design for interconnected mixed-critical cyber-physical systems (SBFI)