
Open access
Author
Date
2020
Type
- Doctoral Thesis
ETH Bibliography
yes
Altmetrics
Abstract
Modern computing systems rely heavily on power management to accomplish two main tasks: (i) efficient use of the available energy resources, and (ii) protection of the device from damage caused by exceeding its physical limits. The power management system pursues these two goals by enacting policies that, at the same time, aim to minimise the performance penalty experienced by the user. To do so, it draws on system utilisation and device characteristics such as thermal behaviour, power dissipation and operating frequency. There is therefore a link between the execution of applications and these power-management-related device characteristics.
Due to the high computing power available, devices are increasingly shared among multiple application domains or multiple users. For example, a smartphone might be used for private and business applications, or multiple users might reside on the same physical server. To guarantee the security of confidential data in such a shared setup, data and application-dependent information must be confined: confidential information must not be revealed to third parties without the consent of the data owner. Researchers have therefore increased their efforts to develop security frameworks that enforce this confinement, for example by using virtualisation techniques. However, data leaks based on shared resources pose a major threat to such a security framework. As the behaviour of the power management system influences all application or user domains on a device, it is a potential source of such data leaks. While the research community has increasingly focused on side and covert channel attacks, several challenges related to these attacks remain. For instance, executing a data leak analysis in a reproducible, comparable and exhaustive fashion requires substantial investments of time and engineering resources. This is because data leaks arise from the interplay of different system components, which makes them difficult to detect, reproduce and analyse on different devices. A methodology is therefore needed that supports reproducible, comparable and expressive analysis results, together with tools that reduce the effort of executing an exhaustive data leak analysis. Furthermore, while many data leaks have been discovered in recent years, little attention has been given to the security implications of power management in multicore systems.
In this thesis, we address these challenges and investigate the threat potential of power-management-related data leaks in multicore systems. We summarise the main contributions as follows:
* We define a novel methodology to analyse covert channels exhaustively. This methodology helps to derive expressive metrics for assessing the threat potential of covert channels. Furthermore, we are the first to provide a measurement automation toolkit which implements the methodology. Due to its design, this toolkit allows us to apply the methodology to a variety of target platforms.
* We outline a novel procedure to derive upper channel capacity bounds for continuous covert channels. Furthermore, compared to previous work, we improve the throughput of thermal covert channels in multicore systems by applying a more sophisticated communication scheme.
* We are the first to analyse the power covert channel in current multicore systems exhaustively. In addition, we illustrate the derivation of upper channel capacity bounds for such discrete covert channels.
* We present a communication model and provide an in-depth analysis of the frequency covert channel. Moreover, we are the first to use a Recurrent Neural Network (RNN) for symbol decoding in a frequency covert channel setup.
* We establish a novel side channel attack based on system temperatures to extract runtime information from mobile devices. This side channel attack uses neural network time-sequence labelling models. Furthermore, we present a method for thermal data augmentation that reduces the measurement effort needed to generate a suitable training data set.
The presented methods and findings are based on extensive experimental evaluations. We publish the tools used in these experiments and the acquired data along with this thesis, to support the comparability and reproducibility of our results.
Permanent link
https://doi.org/10.3929/ethz-b-000417785
Publication status
published
External links
Search print copy at ETH Library
Publisher
ETH Zurich
Subject
Power Management; Security; Covert channels; Side channel
Organisational unit
03429 - Thiele, Lothar / Thiele, Lothar
Funding
644080 - SAFety and secURity by design for interconnected mixed-critical cyber-physical systems (SBFI)
Related publications and datasets
Has part: https://doi.org/10.3929/ethz-b-000418184
Has part: https://doi.org/10.3929/ethz-b-000418163
Has part: https://doi.org/10.3929/ethz-b-000418166
Has part: https://doi.org/10.3929/ethz-b-000418174
Has part: https://doi.org/10.3929/ethz-b-000418183
Has part: https://doi.org/10.3929/ethz-b-000418171
Has part: https://doi.org/10.3929/ethz-b-000418157
Has part: https://doi.org/10.3929/ethz-b-000418173
Has part: https://doi.org/10.3929/ethz-b-000418168
Has part: https://doi.org/10.3929/ethz-b-000418180
Has part: https://doi.org/10.3929/ethz-b-000418146