University of Minnesota
Machine Architecture and Organization (sec 010)

CSci 2021 Lab 0xE: Spy Lab : Cache Side Channel Attack

Introduction

In this lab you will explore a cache side channel attack using the spy and victim programs. As you learned in lecture, a side channel is an unexpected way in which a system reveals information, different from how information is intentionally output. In a side channel, information is revealed from an unsuspecting victim. In this lab, you will get a first-hand look at how side channels can be attacked by spies!

For this lab you will be creating the probe that will be used for the cache side channel attack. To fill out the information for the probe, you will need to use the command nm executable, which provides information about the symbols used in object and executable files. This information includes their virtual addresses.

To start this lab, unpack the source files for this lab with this command:

cp /web/classes/Fall-2018/csci2021-010/labs/0xE/lab0xE.tar .
tar -xvf lab0xE.tar

First Step

You need to compile the programs with the flag -no-pie so that the output of the nm command is correct.

gcc sample-victim.c -g -no-pie -o sample-victim
nm sample-victim

Second Step

Use the information from nm to fill out the probe file (new.probe)

You will need to replace the information in brackets with something from the output generated in part A. The brackets are just placeholders, so remember to remove them.

Third Step

In two separate terminals, run the programs spy and sample-victim and observe the output. sample-victim takes one command-line argument (a or b), and spy takes the probe file as its command-line argument. The spy should run without printing anything; then, when the victim is run, it should print the letter corresponding to the victim's command-line argument.

For example: In one terminal, run the command ./spy new.probe
In the other terminal, while this program is running, type in the command ./sample-victim [ab]
Note: [ab] refers to the valid input

Fourth Step

Using the sample-victim file as a starting point, try to create a different problem that can also be attacked through a cache side channel. A good approach is to look at how the global variables can be changed to different data structures or types.
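
When changing the globals, it helps to check which cache line each one lands in, since the cache is observed one line at a time. The script below is an added example, not part of the lab materials: it reads nm output and reports the line each global variable falls in. It assumes 64-byte cache lines, and the sample nm output and symbol names (buf_a, buf_b, counter) are constructed for illustration.

```sh
#!/bin/sh
# Added example: map the global variables in `nm` output to cache lines.
LINE_SIZE=64    # assumption: 64-byte cache lines, typical for x86-64

# Constructed sample of `nm` output for a -no-pie binary; the symbol names
# buf_a, buf_b and counter are hypothetical, not taken from sample-victim.
sample_nm() {
    cat <<'EOF'
0000000000404040 B __bss_start
0000000000404040 b completed.0
0000000000404080 B buf_a
00000000004040c0 B buf_b
00000000004040c8 B counter
0000000000401136 T main
                 U puts@@GLIBC_2.2.5
EOF
}

# stdin: nm output. stdout: "name address line_base" per program global.
data_symbol_lines() {
    while read -r addr type name; do
        [ -n "$name" ] || continue          # undefined symbols have no address
        case "$type" in
            B|b|D|d) ;;                     # .bss and .data hold variables
            *) continue ;;                  # skip code (T) and everything else
        esac
        case "$name" in
            _*|*.*) continue ;;             # skip linker/compiler bookkeeping
        esac
        base=$(( 0x$addr / LINE_SIZE * LINE_SIZE ))
        printf '%s 0x%s 0x%x\n' "$name" "$addr" "$base"
    done
}

# stdin: data_symbol_lines output. stdout: line bases shared by two or more
# variables, which a cache probe cannot tell apart.
shared_lines() {
    awk '{ print $3 }' | sort | uniq -d
}

sample_nm | data_symbol_lines
echo "shared lines: $(sample_nm | data_symbol_lines | shared_lines)"
```

On a real binary, replace sample_nm with nm sample-victim. In the constructed sample, buf_b and counter share one line, so an access to either looks the same to a probe on that line.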

Notes:
[1] If you are remotely logged into a machine, you must forward X Windows traffic back to your local machine (your PC). With ssh you can simply add the -XY options.