Defensive ML: Defending Architectural Side-channels with Adversarial Obfuscation
This addresses security threats from ML-based side-channel attacks for computer systems, offering incremental improvements in performance and power efficiency.
The paper tackles the problem of side-channel attacks using machine learning by proposing Defensive ML, a method that uses adversarial machine learning to obfuscate signals at the computer architecture layer, achieving a hardware defender with half the performance impact and a software defender with 70% of the power overhead compared to traditional schemes.
Side-channel attacks that use machine learning (ML) for signal analysis have become prominent threats to computer security, as ML models easily find patterns in signals. To address this problem, this paper explores using Adversarial Machine Learning (AML) methods as a defense at the computer architecture layer to obfuscate side channels. We call this approach Defensive ML, and the generator to obfuscate signals, defender. Defensive ML is a workflow to design, implement, train, and deploy defenders for different environments. First, we design a defender architecture given the physical characteristics and hardware constraints of the side-channel. Next, we use our DefenderGAN structure to train the defender. Finally, we apply defensive ML to thwart two side-channel attacks: one based on memory contention and the other on application power. The former uses a hardware defender with ns-level response time that attains a high level of security with half the performance impact of a traditional scheme; the latter uses a software defender with ms-level response time that provides better security than a traditional scheme with only 70% of its power overhead.