"MIT Researchers Devise a Way to Evaluate Cybersecurity Methods"

Observing a computer program's behavior, such as how much time it spends accessing the computer's memory, enables a skilled hacker to obtain sensitive data, such as a password. Approaches to security that completely block these side-channel attacks are so computationally costly that they are impractical for many real-world systems. Therefore, engineers often use obfuscation schemes that aim to limit, but not eliminate, an attacker's ability to discover secret information. In order to help engineers and scientists better understand the effectiveness of various obfuscation schemes, MIT researchers developed a framework to quantitatively evaluate the amount of information an attacker could glean from a victim program with an obfuscation scheme. Their framework, dubbed "Metior," helps the user examine how different victim programs, attacker strategies, and obfuscation scheme configurations impact how much sensitive information is leaked. Engineers who develop microprocessors could use the framework to evaluate the effectiveness of multiple security schemes and determine the most promising architecture early in the design process. This article continues to discuss the system devised by MIT researchers that analyzes the likelihood that an attacker could thwart a certain security scheme to steal secret information.

MIT News reports "MIT Researchers Devise a Way to Evaluate Cybersecurity Methods"