"A Security Technique to Fool Would-Be Cyber Attackers"

Researchers at the Massachusetts Institute of Technology (MIT) have demonstrated a new technique that protects a computer program's secret information from attackers while enabling faster computation. Multiple programs running on the same computer may be unable to directly access each other's hidden information. However, because they share the same memory hardware, a malicious program could steal their secrets by performing a memory timing side-channel attack. The malicious program detects delays when it attempts to access a computer's memory, because the hardware is shared by all the programs using the machine. It can then gather another program's secrets, such as a password or cryptographic key, by interpreting those delays.

One method to prevent these attacks is to allow only one program at a time to use the memory controller, but this significantly slows down computation. Therefore, the MIT researchers devised a new approach that allows memory sharing to continue while providing robust defense against this type of side-channel attack. Their method can speed up programs by 12 percent compared to state-of-the-art security schemes. According to the researchers, their technique could be applied to various types of side-channel attacks that target shared computing resources. The scheme developed by the team shapes a program’s memory requests into a predefined pattern that is independent of when the program needs to use the memory controller. Before a program accesses the memory controller and interferes with another program’s memory request, it must go through a request shaper that uses a graph structure. This structure processes requests and sends them to the memory controller on a fixed schedule. The graph is called a Directed Acyclic Graph (DAG), so the team’s security scheme is dubbed DAGguise.

The researchers tested DAGguise by simulating its performance in a real implementation. They continuously sent signals to the memory controller, simulating how an attacker would try to determine another program’s memory access patterns. They verified that no private data were leaked with any attempt. Then they used a simulated computer to determine how their system could improve performance compared to other security approaches. This article continues to discuss the MIT team's demonstration of their method aimed at safeguarding a computer program’s secret information while enabling faster computation.
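The fixed-schedule idea described above can be seen in a small simulation, added here as an illustration and not taken from the MIT work. It assumes a simplified shaper that releases one request per fixed time slot and fills empty slots with fake requests (a stand-in for the DAG-based shaper, whose details the article does not give); the function names and both access traces are constructed for the example.

```python
from collections import deque

def shape(arrivals, interval, horizon):
    """Release exactly one request per fixed slot (t = 0, interval, ...).

    arrivals: cycles at which the protected program wants memory.
    A slot with no waiting request is filled with a fake one, so the
    emitted schedule never depends on the arrivals.
    """
    pending = deque(sorted(arrivals))
    emitted, delays = [], []
    for t in range(0, horizon, interval):
        if pending and pending[0] <= t:
            delays.append(t - pending.popleft())  # cycles the real request waited
            emitted.append((t, "real"))
        else:
            emitted.append((t, "fake"))
    return emitted, delays

def observable(emitted):
    """What a co-resident program can infer from contention: issue times only."""
    return [t for t, _kind in emitted]

# Constructed traces: the secret bit changes how bursty the accesses are.
TRACE_BIT0 = [3, 40, 77]
TRACE_BIT1 = [3, 5, 7, 9, 11, 13]

def demo(interval=10, horizon=100):
    out0, wait0 = shape(TRACE_BIT0, interval, horizon)
    out1, wait1 = shape(TRACE_BIT1, interval, horizon)
    return {
        "unshaped_differs": TRACE_BIT0 != TRACE_BIT1,
        "shaped_identical": observable(out0) == observable(out1),
        "wait_bit0": wait0,
        "wait_bit1": wait1,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two shaped schedules are identical even though the underlying traces differ, while the per-request waits show the cost: the bursty trace queues behind the fixed schedule and each request waits longer than the last.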

MIT News Office reports "A Security Technique to Fool Would-Be Cyber Attackers"

 
