Discover, Analyze, and Validate Attacks With Introspective Side Channels

Zhiyun Qian

Friday, April 13, 2012
1:30pm - 3:30pm
3725 BBB

Traditionally, the focus of the security property “confidentiality” is on users’ data (or application-layer information) such as passwords and credit card numbers. However, as network systems grow in complexity, more sensitive and “internal” state information is being maintained both within and external to the system, and is therefore also subject to being leaked or inferred. One such example is that more features are being pushed to the middleboxes in the network, which causes additional sensitive network state to be kept. The leakage of such internal state can ultimately cause security breaches at the application layer. In my thesis, I describe my journey of systematically identifying the important security impact of the internal network state revealed unintentionally through what I define as introspective side channels. Such side channels, in disguise, leak only seemingly trivial information. My approach consists of four steps: (1) measurement (behavior characterization of a target system); (2) identification of sensitive network and system state; (3) identification of relevant introspective side channels; (4) security analysis by connecting the sensitive network state and the relevant introspective side channels. Through these steps, I have developed techniques using side channels as building blocks to enable a wide range of security applications to discover, analyze, and validate both new and existing attacks. For instance, I discovered that sensitive TCP-related state kept on certain firewall middleboxes can be exposed to facilitate TCP injection and hijacking attacks. More surprisingly, even without the middleboxes, similar attacks are still possible due to newly identified introspective side channels on the hosts.

Sponsor(s): Zhuoqing Morley Mao

Open to: Public