Skip to content

This repository contains two proof-of-concept of cache side-channel attack (i.e., Flush+Reload)

Notifications You must be signed in to change notification settings

koreauniv-lsm/CSCA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

Concept of CSCA (Cache Side Channel Attack / Lab 9)

This repository contains two proof-of-concept of cache side-channel attack (i.e., Flush+Reload). As all PoCs are only successfully mounted on Intel CPUs with Ubuntu, please checks your environment. We demonstrated the demos in Ubuntu 16.04 LTS and Intel core i5-7400 3.00 GHz.

Setup

$ git clone https://github.com/koreauniv-lsm/CSCA.git
$ cd CSCA
If you are not a student of Korea University's system security practice course, you need to (click toggle) and install conda and matplotlib as follows.
$ wget https://repo.anaconda.com/archive/Anaconda3-2019.10-Linux-x86_64.sh
$ bash Anaconda3-2019.10-Linux-x86_64.sh
$ source ~/.bashrc
$ conda create --name name-of-virtual-env
$ conda activate name-of-virtual-env
$ conda install matplotlib

PoC1

The PoC1 shows the overall concept for Flush+Reload to operate in one process. (to be extended to Meltdown later)

In the demo, we declare probe_array, which is a set of cache lines, and access only one specific cache line among them, and visually show the difference in latency between accessed and non-accessed cache lines.

In addition, after saving the visually expressed graph, it is sent by e-mail to the user's account. (Using mutt program)

How to execute the PoC1

  • The target cache line to be input must be entered from 0 to 256. (because probe_array is of size 256 pages)
$ cd poc1
$ ./run.sh {Target_cache_line}

Proceed

  • You can check the target cache line, and result of cache line is same (241)

image

  • Also you can get an intuitive Flush+Reload image with threshold.

image

  • Finally, the picture is sent to the e-mail address set by the user.

image

  • You can check the picture in your mail box (or spam box)

image

PoC2

The PoC2 probes that the victim accesses the specific target file (i.e., target.txt), repeatedly. In this demo. the spy and victim achieve a memory sharing on a target file.

You can test this PoC2 codes in two ways.

How to execute the PoC2 (victim: shell command)


$ cd poc2
$ make

// spy
$ ./spy target.txt

// victim
$ cat target.txt

How to execute the PoC2 (victim: process)


$ make

// spy
$ ./spy target.txt

// victim
$ ./victim target.txt


Reference

About

This repository contains two proof-of-concept of cache side-channel attack (i.e., Flush+Reload)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published