Side-channel attacks that leak sensitive information through a computing
device's interaction with its physical environment have proven to be a severe
threat to devices' security, particularly when adversaries have unfettered
physical access to the device. Traditional approaches for leakage detection
measure the physical properties of the device. Hence, they cannot be used
during the design process and fail to provide root cause analysis. An
alternative approach that is gaining traction is to automate leakage detection
by modeling the device. The demand to understand the scope, benefits, and
limitations of the proposed tools intensifies with the increase in the number
of proposals.
In this SoK, we classify approaches to automated leakage detection based on
the model's source of truth. We classify the existing tools on two main
parameters: whether the model includes measurements from a concrete device and
the abstraction level of the device specification used for constructing the
model. We survey the proposed tools to determine the current knowledge level
across the domain and identify open problems. In particular, we highlight the
absence of evaluation methodologies and metrics that would compare proposals'
effectiveness from across the domain. We believe that our results help
practitioners who want to use automated leakage detection and researchers
interested in advancing the knowledge and improving automated leakage
detection