YoVDO

Side-Channel Attacks on Shared Search Indexes

Offered By: IEEE via YouTube

Tags

Side Channel Attacks Courses Cybersecurity Courses TF-IDF Courses

Course Description

Overview

Explore side-channel attacks on shared search indexes in this IEEE Symposium on Security & Privacy conference talk. Delve into the vulnerabilities of multi-tenant full-text search systems like Elasticsearch and Apache Solr. Learn about the STRESS (Search Text RElevance Score Side channel) attack, which exploits TF-IDF scores to leak information about other users' documents. Discover how attackers can map index structures, obtain document placement, and extract sensitive information from co-tenants. Examine real-world demonstrations on popular services such as GitHub and Xen.do. Gain insights into the technical aspects of these attacks, including the DF sidechannel, TM sidechannel, and ScottyP sidechannel. Understand the implications for document retrieval security and explore potential countermeasures to protect against these vulnerabilities in shared search environments.

Syllabus

Introduction
What are Shared Search Indexes
How does a Shared Search Index work
SideChannel Attacks
How does it work
The DF sidechannel
The TM sidechannel
ScottyP sidechannel attack
koshertesting
shark mating
tag testing
results
GitHub
Scenario
Common Areas
Summary
Questions


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Security Principles
(ISC)² via Coursera
A Strategic Approach to Cybersecurity
University of Maryland, College Park via Coursera
FinTech for Finance and Business Leaders
ACCA via edX
Access Control Concepts
(ISC)² via Coursera
Access Controls
(ISC)² via Coursera