Defensive ML: Defending Architectural Side-channels with Adversarial Obfuscation
Hyoungwook Nam, Raghavendra Pradyumna Pothukuchi, Bo Li, Nam Sung Kim, Josep Torrellas

TL;DR
This paper introduces Defensive ML, a novel approach using adversarial machine learning to obfuscate side-channel signals at the architecture level, effectively defending against ML-based side-channel attacks with minimal performance impact.
Contribution
It proposes a comprehensive workflow for designing, training, and deploying defenders using adversarial ML, including the DefenderGAN structure for effective signal obfuscation.
Findings
Hardware defender achieves high security with half the performance impact
Software defender provides better security with 30% less power overhead
Defensive ML effectively thwarts memory contention and power-based side-channel attacks
Abstract
Side-channel attacks that use machine learning (ML) for signal analysis have become prominent threats to computer security, as ML models easily find patterns in signals. To address this problem, this paper explores using Adversarial Machine Learning (AML) methods as a defense at the computer architecture layer to obfuscate side channels. We call this approach Defensive ML, and the generator to obfuscate signals, defender. Defensive ML is a workflow to design, implement, train, and deploy defenders for different environments. First, we design a defender architecture given the physical characteristics and hardware constraints of the side-channel. Next, we use our DefenderGAN structure to train the defender. Finally, we apply defensive ML to thwart two side-channel attacks: one based on memory contention and the other on application power. The former uses a hardware defender with ns-level…
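The workflow above (design a budget-bounded defender, train it adversarially against an ML attacker, then check what a retrained attacker can still recover) can be shown end to end on a toy scale. The following is an added illustration, not the paper's DefenderGAN code: it uses constructed latency traces in which a secret bit adds 1.0 unit of delay at one sample position, a logistic-regression attacker, and a defender that injects a clipped, input-dependent delay clip(a*x + c, 0, CAP) at each sample, with CAP standing in for the hardware budget. The defender is trained by gradient ascent on the attacker's loss while the attacker keeps descending, and security is finally measured with a fresh attacker retrained on the obfuscated traces. All names, parameters and trace values are assumptions made for the example.

```python
"""Toy Defensive ML loop: a gradient-trained obfuscation generator (defender)
plays against an ML side-channel attacker on constructed latency traces."""
import math
import random

T = 4        # samples per trace (assumed)
LEAK = 0     # sample whose latency depends on the secret bit (constructed)
CAP = 1.0    # maximum delay the defender may inject per sample (assumed budget)


def make_traces(n_per_class, rng, noise=0.05):
    """Constructed traces: the secret bit y adds 1.0 latency at position LEAK."""
    data = []
    for y in (0, 1):
        for _ in range(n_per_class):
            x = [rng.gauss(0.0, noise) for _ in range(T)]
            x[LEAK] += float(y)
            data.append((x, y))
    rng.shuffle(data)
    return data


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class Attacker:
    """L2-regularised logistic regression recovering the secret bit from a trace."""

    def __init__(self, l2=0.01):
        self.w, self.b, self.l2 = [0.0] * T, 0.0, l2

    def prob(self, x):
        return sigmoid(sum(wi * xi for wi, xi in zip(self.w, x)) + self.b)

    def step(self, data, lr):
        n, gw, gb = len(data), [0.0] * T, 0.0
        for x, y in data:
            r = self.prob(x) - y                  # d(BCE)/d(logit)
            for t in range(T):
                gw[t] += r * x[t]
            gb += r
        for t in range(T):
            self.w[t] -= lr * (gw[t] / n + self.l2 * self.w[t])
        self.b -= lr * gb / n

    def accuracy(self, data):
        return sum((self.prob(x) >= 0.5) == (y == 1) for x, y in data) / len(data)


class Defender:
    """Obfuscation generator: adds delay clip(a[t]*x[t] + c[t], 0, CAP) to sample t."""

    def __init__(self):
        self.a, self.c = [0.0] * T, [0.0] * T

    def pre(self, x, t):
        return self.a[t] * x[t] + self.c[t]

    def pad(self, x):
        return [min(max(self.pre(x, t), 0.0), CAP) for t in range(T)]

    def obfuscate(self, x):
        return [xt + dt for xt, dt in zip(x, self.pad(x))]

    def step(self, attacker, data, lr, max_step):
        """Gradient ascent on the attacker's loss; the clip passes gradient only inside the budget."""
        n, ga, gc = len(data), [0.0] * T, [0.0] * T
        for x, y in data:
            r = attacker.prob(self.obfuscate(x)) - y
            for t in range(T):
                if 0.0 <= self.pre(x, t) <= CAP:
                    ga[t] += r * attacker.w[t] * x[t]
                    gc[t] += r * attacker.w[t]
        for t in range(T):   # bounded steps keep the generator from overshooting the attacker
            self.a[t] += max(-max_step, min(max_step, lr * ga[t] / n))
            self.c[t] += max(-max_step, min(max_step, lr * gc[t] / n))


def train_attacker(data, steps=300, lr=0.5):
    att = Attacker()
    for _ in range(steps):
        att.step(data, lr)
    return att


def defensive_ml(data, rounds=600, att_steps=5):
    """Alternate attacker descent and defender ascent (the adversarial training loop)."""
    att, dfn = Attacker(), Defender()
    for _ in range(rounds):
        obf = [(dfn.obfuscate(x), y) for x, y in data]
        for _ in range(att_steps):
            att.step(obf, 0.5)
        dfn.step(att, data, lr=2.0, max_step=0.02)
    return dfn


def evaluate(seed=1):
    """Attacker accuracy before/after obfuscation, judged by a freshly retrained attacker."""
    rng = random.Random(seed)
    train, test = make_traces(100, rng), make_traces(100, rng)
    raw_acc = train_attacker(train).accuracy(test)
    dfn = defensive_ml(train)
    obf_train = [(dfn.obfuscate(x), y) for x, y in train]
    obf_test = [(dfn.obfuscate(x), y) for x, y in test]
    defended_acc = train_attacker(obf_train).accuracy(obf_test)
    mean_pad = [sum(dfn.pad(x)[t] for x, _ in test) / len(test) for t in range(T)]
    return {"raw_acc": raw_acc, "defended_acc": defended_acc, "mean_pad": mean_pad}


if __name__ == "__main__":
    res = evaluate()
    print(f"attacker accuracy, raw traces:      {res['raw_acc']:.2f}")
    print(f"attacker accuracy, defended traces: {res['defended_acc']:.2f}")
    print("mean injected delay per sample:", [f"{p:.2f}" for p in res["mean_pad"]])
```

Two points the run makes that the summary alone does not: the budget CAP must be at least the leak amplitude for the defender to reach full equalisation (here it pads the secret-0 traces up to the secret-1 level and spends almost nothing on the non-leaking samples, which is the overhead story), and the defended accuracy must be measured against an attacker retrained on the obfuscated traces, since the attacker used inside the training loop is the one the defender has already adapted to.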
Taxonomy
Topics: Cryptographic Implementations and Security · Adversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security
