Looking to examine the effectiveness of obfuscation schemes in cybersecurity, researchers at MIT have developed a new framework to evaluate how much information a hacker could extract from observing a program’s behavior. Using the name Metior, the framework offers a method by which multiple security schemes could be evaluated and compared, according to an MIT release.
“Metior helps us recognize that we shouldn’t look at these security schemes in isolation, says Peter Deutsch, graduate student and lead author for an open-access paper on Metior, in the release. “It is very tempting to analyze the effectiveness of an obfuscation scheme for one particular victim, but this doesn’t help us understand why these attacks work. Looking at things from a higher level gives us a more holistic picture of what is actually going on.”
Metior builds on previous work by the team with the CaSA tool, which looked at the amount of information leaked by a specific obfuscation scheme, and instead creates a unified mathematical model capable of analyzing all obfuscation schemes. “We take all of the nitty-gritty elements of this microarchitectural side-channel and map it down to, essentially, a math problem,” says Deutsch. “Once we do that, we can explore a lot of different strategies and better understand how making small tweaks can help you defend against information leaks.”
As for future goals, the research team is looking to optimize the framework to analyze obfuscation schemes and perform deeper analyses of common defenses and victim programs, to better understand how and why they leak data more efficiently.
Source:
https://news.mit.edu/2023/mit-researchers-evaluate-cybersecurity-methods-0628
