Discover, Analyze, and Validate Attacks with Introspective Side Channels.

Abstract

Traditionally, the focus of security property ``confidentiality'' is on users' data (or application-layer information) such as password and credit card numbers. However, as network systems grow in complexity, more sensitive and internal state information is being maintained both within and external to the system, and therefore also subject to being leaked or inferred. One such example is that more features are being pushed to the middleboxes in the network which causes additional state to be kept. The leakage of such internal state can ultimately cause security breaches at the application layer.

In the thesis, a systematically identification of unintentionally revealed internal network state and its impact are presented. A new class of side channels defined as introspective side channels are summarized that can leak such internal state. Such side channels in disguise only leak seemingly trivial information.

The security analysis of the above problem consists of four steps: 1). Measurement (behavior characterization of a target system). 2). Identification of sensitive network and system state. 3). Identification of relevant introspective side channels. 4). Security analysis by connecting the sensitive network state and the relevant introspective side channels. Through these steps, techniques built on side channels are described which can enable a wide range of security applications to discover, analyze and validate both new and existing attacks. For instance, a sensitive TCP-related state kept on certain firewall middleboxes is discovered to facilitate TCP injection and hijacking attacks. More surprisingly, even without the middleboxes, similar attacks are still possible due to newly identified introspective side-channels on the hosts.