Research Results
The researcher of the IMDEA Software Institute, Pepe Vila, has sucessfully defended his PhD thesis titled: “Learning secrets and models from execution time”. Professor Boris Köpf (on leave researcher of the Institute and researcher of Microsoft Research Lab at Cambridge) was his advisor.
In his work he studies some of the problems arising on computer systems that leak information through execution time. They study several instances of how these leaks can be used to both learn secrets—of a confidential computation—and models—of an underlying component—, providing examples that violate previous assumptions about systems’ security or about the attackers’ capabilities.
He studies in particular, time leakage under three different scenarios, providing multiple independent contributions in each of them:
First, he shows that event-driven software systems are susceptible to side- channel attacks. The key observation is that event loops form a resource that can be shared between mutually distrusting programs. Hence, con- tention of this resource by one program can be observed by the others through variations in the time the latter processes take for dispatching their events. We exploit two different shared event loops in the Chrome web browser, and use the information obtained in three different attacks: for web page fingerprinting, for keystroke detection, and for a cross-origin covert channel.
Then, he reveals that the contributions are both theoretical and practical. On the theoretical side, we formalize the problem of finding minimal eviction sets, a key primitive for several microarchitectural attacks, and devise novel algorithms that improve the state-of-the-art from quadratic to linear. On the practical side, we perform a rigorous empirical analysis that exhibits the conditions under which our algorithms succeed or fail.
Finally, he presents a practical end-to-end solution for inferring deterministic cache replacement policies using off-the-shelf techniques for automata learning and program synthesis. The enabling contribution is a chain of two abstractions: a clean interface to the hardware cache replacement poli- cies based on timing measurements on a silicon CPU; and a mapper that exposes a membership oracle to the cache replacement policy abstracting away the details regarding cache content management.
In conclusion, the results of Pepe Vila’s thesis constitute an evidence that better models and quantification methods -for both software and hardware systems-, are required in order to reason about the soundness and trade-offs of security countermeasures; and provide a basis for principled countermeasures against, or paths for further improving the efficiency of, several side channel attacks.
