Methodology of Assessing Information Leakage through Software-Accessible Telemetries

Modern computer systems offer a multitude of software-accessible telemetries to report system usage status. Recent research has shown a risk of sensitive information leaking through these telemetries during CPU execution. And yet, existing risk analysis methods are ad-hoc. We propose a methodology for evaluating the data-dependency exhibited by a workload through any chosen telemetry, using qualitative risk assessment and quantitative analysis. We present two case studies on analyzing correlation between telemetry readings and output classes in Deep Neural Network (DNN) algorithms, and workload identification using multiple telemetries, respectively. Based on the analysis, we conclude that the framework is conducive to assessing risk throughout secure design. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security and Protection-invasive software General Terms Security