3.5 KiB
calibration-done-right
Public code for the "calibration done right" paper
The code base is written entirely in rust.
There are three crates with binaries providing results :
- aes-t-tables runs the T-table attack using the 3 side channels
- cache_utils
two_thread_cal
runs a full calibration on all core pairs for Flush+Flush and analyses the results to provide error rate predictions in various attacker models - covert_channel_beanchmark is the crate that runs covert channel benchmarks on the various covert channels
The code presented runs under Fedora 30, and can also be made run on Ubuntu 18.04 LTS with minor tweaks
(Notably lib cpupower may also be called lib cpufreq)
On recent fedora the package is kernel-tools-libs-devel
, on debian libcpupower-dev
You will also need utility cpupower
(from kernel-tools
/ linux-cpupower
)
Usage
General set-up
Requires rust nightly features. Install rust nightly using rustup
One should disable turbo boost and other source of idle frequency scaling
On Intel platforms, the following should work.
# performance cpu frequency governor
cpupower frequency-set -g performance
# No Turbo Boost
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
Depending on the experiment you may be interested in disabling prefetchers.
Two thread calibration set-up and usage
In addition to the general set-up you need to enable 2MB hugepage and ensure at least one is available.
Then you can run cargo run --release --bin two_thread_cal > result.log
Various scripts are also included that have been used to parse the log.
analyse.sh
-> analyse_csv.py
-> analyse_median.py
Is used to analyse the timing histograms
extract_analysis_csv.sh
Is used to extract the attacker model results.
The python scripts requires an environment (such as a virtual env) with the packages in cache_utils/requirements.txt
AES T-table set-up and usage
One needs an OpenSSL built with the no-asm and the no-hw flags install in ~/openssl (the path is in aes-t-tables/cargo.sh and can be changed).
You the need to extract the T-table addresses, this can be done using nm libcrypto.so | "grep Te[0-4]"
, and update those in aes-t-tables/src/main.rs
You'll also want to update the thresholds in main.rs using the results from the calibration.
You can then run ./cargo.sh run --release > result.log
Covert Channel benchmark
Do the general set-up, update the thresholds for Naive channels in main.rs and then run cargo run --release | tee results.log
Crate documentation
cpuid
is a small crate that handles CPU microarchitecture indentification and provides info about what is known about itcache_utils
contains utilities related to cache attackscache_side_channel
defines the interface cache side channels have to implementbasic_timing_cache_channel
contains generic implementations of Naive and Optimised cache side channels, that just require providing the actual operation usedflush_flush
andflush_reload
are tiny crates that usebasic_timing_cache_channel
to export Flush+Flush and Flush+Reload primitivesturn_lock
is the synchronisation primitive used bycache_utils
and thecovert_channel_evaluation
.covert_channel_evaluation
is a generic implementation of acovert_channel
benchmarkcovert_channel_benchmark
calls the previous implementation over the 3 channels.
rust version
Known good nightly :
- rustc 1.54.0-nightly (eab201df7 2021-06-09)
- rustc 1.55.0-nightly (885399992 2021-07-06)
License
Apache-2.0 or MIT