16,697 research outputs found
Novel classes of side channels and covert channels
When assessing the security of security-critical systems, it is crucial to consider conceptually new attacks, as appropriate countermeasures can only be implemented against known threats. Consequently, in this thesis we explore new classes of attacks and evaluate countermeasures. Our contribution is three-fold. We identify two previously unknown side channel attacks, i.e., attacks that exploit unintended information leakage. First, we consider optical emanations, i.e., the unavoidable emanation of every monitor. We demonstrate how to exploit tiny reflections in stationary objects and the human eye, and even diffuse reflections in objects such as the user';s shirt. Second, we study acoustic emanations of dot-matrix printers and show that the printed text can be reconstructed from a recording of the sound emitted while printing. Furthermore, we demonstrate a conceptually new covert channel: whereas side channels leak information unintentionally, in a covert channel there is an explicit sender that cooperates with the receiver. We present a new covert channel in the peer-reviewing process in scientific publishing that reveals the reviewer';s identity to the author. We additionally expose several related problems in the design of the PostScript language.Das Aufdecken neuer Arten von Angriffen ist wichtig zur Verbesserung der Sicherheit von sicherheitskritischen Systemen, da nur für bekannte Angriffe Gegenmaßnahmen ergriffen werden können. Deshalb untersuchen wir in dieser Arbeit neue Arten von Angriffen sowie geeignete Gegenmaßnahmen. Die Arbeit gliedert sich in drei Teile. Zunächst demonstrieren wir zwei neue Seitenkanalangriffe, also Angriffe die unbeabsichtigte Informationslecks ausnutzen. Zum Einen betrachten wir optische Abstrahlungen von Monitoren. Wir zeigen, dass das Bild des Monitors aus Reflexionen in verschiedenen Objekten rekonstruiert werden kann: aus winzigen Reflexionen in vielen stationären Objekten sowie im menschlichen Auge, und sogar aus diffusen Reflexionen beispielsweise auf dem Hemd eines Nutzers. Zum Anderen untersuchen wir die akustischen Abstrahlungen von Nadeldruckern und zeigen, dass der gedruckte Text aus einer Aufnahme der Druckgeräusche rekonstruiert werden kann. Des Weiteren demonstrieren wir einen neuen verdeckten Kanal: Während Seitenkanäle normalerweise durch unvorsichtige Implementierung entstehen, werden die Daten auf einem verdeckten Kanal absichtlich übertragen. Wir demonstrieren einen neuen verdeckten Kanal im Peer-Review-Prozess zur Begutachtung wissenschaftlicher Publikationen, welcher die Identität der Gutachter offenlegt. Darüberhinaus weisen wir auf mehrere grundlegende Probleme im Design der PostScript Sprache hin
A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems
We present a taxonomy and an algebra for attack patterns on component-based
operating systems. In a multilevel security scenario, where isolation of
partitions containing data at different security classifications is the primary
security goal and security breaches are mainly defined as undesired disclosure
or modification of classified data, strict control of information flows is the
ultimate goal. In order to prevent undesired information flows, we provide a
classification of information flow types in a component-based operating system
and, by this, possible patterns to attack the system. The systematic
consideration of informations flows reveals a specific type of operating system
covert channel, the covert physical channel, which connects two former isolated
partitions by emitting physical signals into the computer's environment and
receiving them at another interface.Comment: 9 page
A software approach to defeating side channels in last-level caches
We present a software approach to mitigate access-driven side-channel attacks
that leverage last-level caches (LLCs) shared across cores to leak information
between security domains (e.g., tenants in a cloud). Our approach dynamically
manages physical memory pages shared between security domains to disable
sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It
also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe"
attacks in LLCs. We have implemented our approach as a memory management
subsystem called CacheBar within the Linux kernel to intervene on such side
channels across container boundaries, as containers are a common method for
enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through
formal verification, principled analysis, and empirical evaluation, we show
that CacheBar achieves strong security with small performance overheads for
PaaS workloads
- …