Machine learning has made it possible to mount powerful attacks through side channels that have traditionally been seen as challenging to exploit. However, due to the black-box nature of machine learning models, these attacks are often difficult to interpret correctly. Models that detect correlations cannot be used to prove causality or understand an attack's various sources of information leakage. In this paper, we show that a state-of-the-art website-fingerprinting attack powered by machine learning was only partially analyzed. In this attack, an attacker collects cache-sweeping traces, which measure the frequency at which the entire last-level cache can be accessed over time, while a victim loads a website. A neural network is then trained on these traces to predict websites accessed by the victim. The attack's usage of the cache led to a consensus that the attack exploited a cache-based side channel. However, we provide additional analysis contradicting this assumption and clarifying the mechanisms behind this powerful attack. We first replicate the website-fingerprinting attack without making any cache accesses, demonstrating that memory accesses are not crucial to the attack's success and may even inhibit its performance. We then search for the primary source of information leakage in our new attack by analyzing the effects of various isolation mechanisms and by instrumenting the Linux kernel. We ultimately find that this attack's success can be attributed primarily to system interrupts. Finally, we use this analysis to craft highly practical and effective defense mechanisms against our attack.
CITATION STYLE
Cook, J., Drean, J., Behrens, J., & Yan, M. (2022). There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack. In Proceedings - International Symposium on Computer Architecture (pp. 204–217). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1145/3470496.3527416