Machine learning has made it possible to mount powerful attacks through side channels that have traditionally been seen as challenging to exploit. However, due to the black-box nature of machine learning models, these attacks are often difficult to interpret correctly. Models that detect correlations cannot be used to prove causality or understand an attack’ s various sources of information leakage.

In this paper, we show that a state-of-the-art website fingerprinting attack was only partially analyzed. In this attack, a neural network is trained to predict websites from traces of cache-sweep counts over time, leading to a consensus that their attack exploited a cache-based side channel. However, we provide additional analysis contradicting this assumption and clarifying the mechanisms behind this powerful attack.

We first replicate the website fingerprinting attack without making any cache accesses, demonstrating that memory accesses are not crucial to the attack’ s success and may even inhibit its performance. We then search for the primary source of information leakage in our new attack by analyzing the effects of various isolation mechanisms and by instrumenting the Linux kernel. We ultimately find that this attack’ s success can be attributed to hardware interrupts. Finally, we use this analysis to craft effective defense mechanisms against our simplified attack.

I am participating in SuperUROP to continue doing meaningful research that I enjoy. My classes at MIT have given me many potential questions and ideas to investigate, and I hope to use this opportunity to further my knowledge in computer security. I also recently finished a paper with my lab group and am excited to investigate follow-up work and related research questions.