Giters

sabbaghm / SCADET

Software artifacts for SCADET: A Side-Channel Attack Detection Tool for Tracking Prime+Probe.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Introduction

This repository contains the software artifacts for SCADET: A Side-Channel Attack Detection Tool for Tracking Prime+Probe. Please read the article for a detailed description of the SCADET methodology and the tool components.

SCADET block diagram

SCADET block diagram

Binary instrumentaion and trace acquisition

Setup

  • OS: Ubuntu 16.04.1 operating system (Linux kernel version of 4.13.0-38-generic)
  • CPU: Intel Skylake core-i7 6700 CPU
  • Main memory: 16GB RAM
  • Caches: 16-way 8MB L3 cache, 8-way 32KB L1 I-cache, and 8-way 32KB D-cache All of our trace acquisitions are performed when regular background and foreground processes such as OS scheduling and user applications (browsers, editors, network applications etc.), were running at the same time. This added real noise to our traces.
    Note: we expect our instrumentation tool to be functional accross various x86 64-bit system configurations.

Pintool instrumentation

We used Intel pin version 3.4-97438-gf90d1f746-gcc-linux.
For i-cache instrumentation use the itrace.cpp.
For d-cache instrumentation use the dtrace.cpp.

For building and running the pintool for d-cache analysis, do:

cp src/instrumentation/dtrace.cpp pin-3.4-97438-gf90d1f746-gcc-linux/source/tools/ManualExamples/
cd pin-3.4-97438-gf90d1f746-gcc-linux/source/tools/ManualExamples/
make TARGET=intel64 obj-intel64/dtrace.so
cd ../../../
./pin -t source/tools/ManualExamples/obj-intel64/dtrace.so -o <output_file_name> -- <target_executable_program> <program arguments>
For example:
./pin -t source/tools/ManualExamples/obj-intel64/dtrace.so -o traces/l1d.bin -- mastik/demo/L1-capture 100

Note: you may need sudo access for converting virtual addresses to physical addresses through page maps.

Similarly you can launch the instrumentation and trace acquistions for i-cache analysis by building itrace.so.

Address analysis and pattern detection

After capturing the traces, copy them to the computing server/cluster.

Setup

  • Spark configuration: Apache Spark platform version 1.4.1 or 2.3.2 (Hadoop 2.4 or 2.7) and python 2.7.15.
    1 master node with 5 worker nodes. 50GB driver memory, 50GB executor memory, and 20GB maximum result size.
  • CPU: Intel Xeon CPU E5-2690 v3 2.6GHz, 48 logical cores
  • Main memory: 128GB RAM

Pyspark analysis

spark-submit --master spark://<master_node_ip>:<port> --executor-memory 50G --driver-memory 50G SCADET.py --mode <READ/WRITE> <L1I/L1D/LLC> <trace>
For example:
spark-submit --master spark://<master_node_ip>:<port> --executor-memory 50G --driver-memory 50G SCADET.py --mode READ L1D traces/l1d.bin

About

Software artifacts for SCADET: A Side-Channel Attack Detection Tool for Tracking Prime+Probe.

License:MIT License

Languages

Language:Python 50.2%Language:C++ 49.8%