Git Product home page Git Product logo

adversarialprefetch's Introduction

Adversarial Prefetch: New Cross-Core Cache Side-Channel Attacks

Description

This repo contains tools to perform Prefetch+Prefetch and Prefetch+Reload. For details of these two attacks, please refer to our Oakland'22 paper.

Timing Characterization

To run these two attacks, we must determine the timing threshold to distinguish different cache events. This includes: prefetch_hit_local_L1 and prefetch_hit_remote_L1 for Prefetch+Prefetch, as well as load_hit_LLC and load_hit_remote_L1 for Prefetch+Reload.

These thresholds depend on the microarchitecture details of the processor. We provide scripts to find the correct thresholds.

First, to obtain the threshold for Prefetch+Prefetch, do:

cd utils
bash get_pre_miss_latency.sh

This script tests the latency of the prefetchw when the target data is in the local/remote L1 cahe 50000 times (for each) and prints out the results.

When running this script, you should see something similar with the following image: Example Profiling Result

In the above image, an appropriate timing threshold for Prefetch+Prefetch should be 105-115 cycles.

Similarly, to obtain to get the threshold for Prefetch+Reload, do:

cd utils
bash get_llc_s_latency.sh

Then, pick an appropriate timing theshold based on results.

Note that, the timing threshold for the attack really depends on the physcical CPU cores the attack is running on. Thus, we should characterize the timing on the cores used in the attacks. This can be configured in utils/pre_miss_latency.c (for Prefetch+Prefetch) and utils/llc_s_latency.c (for Prefetch+Reload).

In utils/pre_miss_latency.c,

//Test the local and remote prefetch latency between core 0 and core 1.
#define trojan_core 0;
#define spy_core 1;

In utils/llc_s_latency.c,

//Test the LLC and remote L1 load latency between core 0 and core 2. 
#define trojan_core 0;
#define spy_core 2;
#define victim_core 1; // Does not really matter.

Setup and Run the Covert Channels

Step 1: Parameter configuration

We provide PoC for the covert channels. Before building and running the channel, there are a few parameters that need to be configured accordingly. Please see covert_channels/libs/util.h.

Step 2: Build the covert channels

To build the covert channels, do

cd covert_channels
mkdir build
cmake ..
make

Then you can find the sender and receiver executables in 'covert_channels/build/bin' directory.

Step 3: Run the covert chanenls

To run a covert channel, first start the sender process

cd covert_channels/build/bin
./sender 

This sender process sends "0" and "1" alternatively. Then start one of the receiver processes

cd covert_channels/build/bin
./receiver_pre_pre > raw_bits_received

or

cd covert_channels/build/bin
./receiver_pre_relo > raw_bits_received

The file "raw_bits_received" will contain the bits the receiver detected.

Side channel example

TBA.

Contact

For any questions, please open an issue in this repo. Or contact Yanan via email, which is contained in the paper, linked above.

adversarialprefetch's People

Contributors

andrewzigerelli avatar tuinannan avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.