Detecting and identifying side channel attacks on cloud computer systems using machine learning

This project is now closed. The details below are for information purposes only. View our current projects here

Applications are invited for a self-funded, 3-year full-time or 6-year part-time PhD project, to commence in October 2019 or February 2020. The PhD will be based in the School of Computing and will be supervised by Dr Mo Adda, Dr Alexander Gegov and Dr Gareth Owenson.

Side Channel attacks are the actions of stealing sensitive data (e.g. secret keys, password and bank details) by exploiting the behaviour of a black box (e.g. a CPU) to infer and steal information from it (e.g. encryption keys). For example, one might steal keys from a smart card allowing them to clone it.

Initially, it was thought side channel attacks are aimed only at stealing secret keys of cryptographic algorithms. Recent research, however, has shown that the side channel attacks can target any kind of data in environments where memory content in kernel space, main memories, databases, smart cards, BTree search algorithms, satellite systems, CAPTCHA, printers, web applications and keystroke are involved.

Meltdown attacks, currently a hotspot area in the modern cloud and native computer systems, are such examples. Attackers use Flush+Reload techniques to exploit the vulnerabilities of victim systems. They can read arbitrary memory locations regardless how isolated they are. The attacks run in users’ unprivileged environment and so do not require any privileges to achieve their objectives. Besides, the exploitation does not leave any traces in the traditional log files. From a digital forensic point of view for instance, it is harder to collect any evidence from the attack. Furthermore, even anti-virus tools are not capable of detecting these attacks, because the anti-virus tools may detect malware by only comparing binary against known signatures.

The aim of this research, based on a previously successful work, is to develop a universal framework to detect the most popular side channel attacks based on Flush+Reload, Prime+Probe, Flush+Flush  +Reload techniques. It relies on a fine-grained program execution attributes when the smallest unit of program is assigned to a processor core’s time line with other workloads, concurrently. This framework utilises program phase proprieties as a security solution in detecting side channel attacks.

This is achieved by taking a course of program phase analysis to extract malicious loops with heterogeneous workloads. The main characteristics of the framework is reliability, efficiency, performance and accuracy, which existing frameworks lack. Machine learning algorithms will be the building blocks of the proposed universal framework to sense, detect and identify malicious attacks on the cloud computer system.

Funding

PhD full-time and part-time courses are eligible for the Government Doctoral Loan (UK and EU students only).

2019/2020 entry

Home/EU/CI full-time students: £4,327 p/a*
Home/EU/CI part-time students: £2,164 p/a*

International full-time students: £15,900 p/a*

International part-time students: £7,950 p/a*

*Fees are subject to annual increase

By Publication Fees 2019/2020

Members of staff: £1,610 p/a*
External candidates: £4,327 p/a*

*Fees are subject to annual increase

How to apply

We’d encourage you to contact Dr Mo Adda (mo.adda@port.ac.uk) to discuss your interest before you apply, quoting the project code CCTS4620219.

When you're ready to apply, you can use our online application form and select ‘Computing and Creative Technologies’ as the subject area. Make sure you submit a personal statement, proof of your degrees and grades, details of two referees, proof of your English language proficiency and an up-to-date CV.  

Our How to Apply page also offers further guidance on the PhD application process.