Title:  Side-Channel Vulnerability Metrics: SVF vs. CSV.

Abstract:
Recently two papers have been published on empirically measur- ing side-channel leakage in 
processors. The first paper introduced a framework for measuring side-channel leakage called 
“Side-Channel Vulnerability Factor” (SVF). SVF used phase correlation between victim and 
attacker programs to quantify leakage. A subsequent paper opposed some of the claims made in 
the SVF paper and intro- duced another metric, “Cache Side-channel Vulnerability” (CSV). CSV 
uses the same concept of measuring correlation between vic- tim and attacker, but instead proposes 
using direct correlation in place of phase correlation. Another major difference between SVF and 
CSV is the scope of leakage measurement – CSV is defined to apply to only cache leakage, whereas 
SVF can be applied to mul- tiple components within a processor. The CSV authors argue that applying 
SVF yields conclusions which contradicts what they term to be ground truth. In addition to these 
differences, the two papers used different experimental setups and thus their results were not 
directly comparable.

 This paper deconstructs the differences between SVF and CSV. We first provide a general overview 
of side-channels and back- ground on their modeling and measurement. We then examine the differences 
between SVF and CSV both quantitatively and quali- tatively using a common experimental setup. 
Finally, building on our examination of differences, we review and rebut claims made in the CSV 
paper against the SVF framework and metrics.