Walls Have Ears: Eavesdropping User Behaviors via Graphics-Interrupt-Based Side Channel

Ma, Haoyu; Tian, Jianwen; Gao, Debin; Jia, Chunfu

doi:10.1007/978-3-030-62974-8_11

Cited by 4 publications

(1 citation statement)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Linux, all reported interrupts are counted by the kernel and logged in the system file /proc/interrupts, which can be accessed by any process. Several attacks exploit such statistical information to monitor application activities [68], monitor keystroke timings and user behaviors on touch screens [15], and detect website content [48]. Fortunately, these attacks are easy to mitigate as one could simply disable non-privileged access to the interrupt pseudo-file.…”

Section: Related Work 71 Interrupt-related Attacksmentioning

confidence: 99%

There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack

et al. 2023

View full text Add to dashboard Cite

Machine learning has made it possible to mount powerful attacks through side channels that have traditionally been seen as challenging to exploit. However, due to the black-box nature of machine learning models, these attacks are often difficult to interpret correctly. Models that detect correlations cannot be used to prove causality or understand an attack's various sources of information leakage.In this paper, we show that a state-of-the-art website-fingerprinting attack powered by machine learning was only partially analyzed. In this attack, an attacker collects cache-sweeping traces, which measure the frequency at which the entire last-level cache can be accessed over time, while a victim loads a website. A neural network is then trained on these traces to predict websites accessed by the victim. The attack's usage of the cache led to a consensus that the attack exploited a cache-based side channel. However, we provide additional analysis contradicting this assumption and clarifying the mechanisms behind this powerful attack.We first replicate the website-fingerprinting attack without making any cache accesses, demonstrating that memory accesses are not crucial to the attack's success and may even inhibit its performance. We then search for the primary source of information leakage in our new attack by analyzing the effects of various isolation mechanisms and by instrumenting the Linux kernel. We ultimately find that this attack's success can be attributed primarily to system interrupts. Finally, we use this analysis to craft highly practical and effective defense mechanisms against our attack. CCS CONCEPTS• Security and privacy → Side-channel analysis and countermeasures; • Computing methodologies → Supervised learning by classification.

show abstract

Section: Related Work 71 Interrupt-related Attacksmentioning

confidence: 99%