TY - GEN
T1 - Side channel vulnerability metrics
T2 - 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013
AU - Zhang, Tianwei
AU - Chen, Si
AU - Liu, Fangfei
AU - Lee, Ruby B.
PY - 2013
Y1 - 2013
N2 - Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors. It is desirable to have a general quantitative method and metric to evaluate a system's vulnerability to side-channel attacks. In this paper, we define the features of a good side-channel leakage metric. We review a recently proposed metric called the Side-channel Vulnerability Factor (SVF) and discuss its merits and issues. We suggest the CSV metric, which tries to show how to overcome some of the shortcomings of the SVF metric, without completely changing its character. We use software cache side-channel attacks and defenses as an example to compare the metrics with known and measurable results on system leakiness.
AB - Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors. It is desirable to have a general quantitative method and metric to evaluate a system's vulnerability to side-channel attacks. In this paper, we define the features of a good side-channel leakage metric. We review a recently proposed metric called the Side-channel Vulnerability Factor (SVF) and discuss its merits and issues. We suggest the CSV metric, which tries to show how to overcome some of the shortcomings of the SVF metric, without completely changing its character. We use software cache side-channel attacks and defenses as an example to compare the metrics with known and measurable results on system leakiness.
UR - http://www.scopus.com/inward/record.url?scp=84882309050&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84882309050&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84882309050
SN - 9781450321181
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2013
Y2 - 23 June 2013 through 24 June 2013
ER -