Increased Reproducibility And Comparability of Data Leak Evaluations Using ExOT
Philipp Miedla, Bruno Klopottb and Lothar Thielec
Computer Engineering and Networks Laboratory (TIK), ETH Zurich Gloriastrasse 35, Zurich, Switzerland
amiedlp@ethz.ch
bklopottb@student.ethz.ch
cthiele@ethz.ch
ABSTRACT
As computing systems are increasingly shared among different users or application domains, researchers have intensified their efforts to detect possible data leaks. In particular, many investigations highlight the vulnerability of systems w. r. t. covert and side channel attacks. However, the effort required to reproduce and compare different results has proven to be high. Therefore, we present a novel methodology for covert channel evaluation. In addition, we introduce the Experiment Orchestration Toolkit ExOT, which provides software tools to efficiently execute the methodology.Our methodology ensures that the covert channel analysis yields expressive results that can be reproduced and allow the comparison of the threat potential of different data leaks. ExOT is a software bundle that consists of easy to extend C++ libraries and Python packages. These libraries and packages provide tools for the generation and execution of experiments, as well as the analysis of the experimental data. Therefore, ExOT decreases the engineering effort needed to execute our novel methodology. We verify these claims with an extensive evaluation of four different covert channels on an Intel Haswell and an ARMv8 based platform. In our evaluation, we derive capacity bounds and show achievable throughputs to compare the threat potential of these different covert channels.
Keywords: Experimental Evaluation, Reproducibility, Comparability, Expressiveness.