This repository contains the experiments of evaluation and case studies discussed in the paper

• "SegScope: Probing Fine-grained Interrupts via Architectural Footprints" (HPCA 2024).

SegScope can be used to probe interrupts without any timer. We successfully apply it to resurrect multiple end-to-end attacks in a timer-constrained scenario.

In order to run the experiments and proof-of-concepts, the following prerequisites need to be fulfilled:

• Linux installation

  • Build tools (gcc, make)
  • Python 3

• Browsers (for website fingerprinting)

  • Chrome Browser or Tor Browser.
  • You also need to install the drivers for the browsers you would like to use.
  • Chrome: Download here and add chromedriver to your path
  • Tor Browser: Install tor-browser-selenium

Throughout our experiments, we successfully evaluated our implementations on the following environments. We recommend to test SegScope on bare-metal machines.

Note: The enhanced Spectral attack relies on the UMONITOR/UMWAIT instructions that are only available on Intel latest core processors (Tremont and Alder Lake). We evaluate it on our Lenovo Savior Y9000P machine. Please refer to mwait for more details.

This repository contains the following materials:

• E1-Website Fingerprinting: contains the code that we apply SegScope to detect interrupts while opening a website.
• E2-Enhancing Spectral attack: contains the code that we use SegScope to enhance a non-interrupt side channel attack (i.e., spectral ).
• E3-Breaking KASLR: contains the code that we rely on SegScope-based timer to derandomize KASLR.

If there are questions regarding these experiments, please send an email to [email protected].

Please use the following BibTeX entry:

@inproceedings{Zhang2024SegScope,
  year={2024},
  title={SegScope: Probing Fine-grained Interrupts via Architectural Footprints},
  booktitle={High Performance Computer Architecture},
  author={Xin Zhang and Zhi Zhang and Qingni Shen and Wenhao Wang and Yansong Gao and Zhuoxi Yang and Jiliang Zhang}
}