Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prime Access Pattern for Intel Skylake-SP and Cascade Lake-SP #5

Open
zzrcxb opened this issue Oct 13, 2023 · 2 comments
Open

Prime Access Pattern for Intel Skylake-SP and Cascade Lake-SP #5

zzrcxb opened this issue Oct 13, 2023 · 2 comments

Comments

@zzrcxb
Copy link

zzrcxb commented Oct 13, 2023

Dear Antoon and Furkan,

I'm a PhD student from the University of Illinois Urbana-Champaign. I really enjoyed reading your paper.

I have a specific question regarding the prime access pattern used in your covert-channel experiments on Intel Skylake-SP and Cascade Lake-SP, which use non-inclusive LLC. If I have interpreted the paper correctly, my understanding is that you first construct two eviction sets for one LLC set. Then, during each iteration, you sequentially access lines from just one of the two eviction sets. In the next iteration, you switch to the other eviction set, thereby creating an "alternating pointer-chase" pattern. Have I grasped this correctly? To give a clearer picture of my interpretation, the pattern appears akin to:

EVSets EVa, EVb; // two eviction sets mapped to the same LLC set
int i = 0; // iteration count
...
// in a loop
while (...) {
  if (i % 2) {
    // prime the first line in EVa to an eviction candidate
    sequential_access(EVa);
  } else {
    // prime the first line in EVb to an eviction candidate
    sequential_access(EVb);
  }
  i++;
}

One challenge I encountered is that the prime pattern sometimes loses its efficacy after several hundred iterations. For instance, it sometimes struggles to prime the first line as the eviction candidate after a few hundreds of iterations. Could this be attributed to background noise or some other variable?

After going through this repo, I found that there doesn't seem to be an implementation for the covert channel on processors with non-inclusive caches. Would it be possible for you to share the specific implementation or perhaps provide some guidance on maintaining a consistent eviction candidate over extended periods?

I genuinely appreciate your time and insights. Thank you in advance.

Warm regards,
Neil
@antoonpurnal
Copy link
Collaborator

Hi Neil,

Thanks for your interest in our work. Quickly having a look, I would recommend the following:

  • Use the non-inclusive Prime pattern as included here in the repo.
  • Ensure that, prior to starting the alternating pattern, all remnants of EVa/EVb are removed from the cache after they are constructed (e.g., by using a Fill-Flush-Fill approach with yet another eviction set).

Success with your research!

@zzrcxb
Copy link
Author

zzrcxb commented Oct 25, 2023

Hi Antoon,

Thanks for your response!

e.g., by using a Fill-Flush-Fill approach with yet another eviction set

I am not very sure about the role of Fill-Flush-Fill. Is the goal to empty the target cache set?

Based on your description, I think the code pattern is similar to the following snippet?

prime(EVa);
flush(EVa);
prime(EVa);

prime(EVb);
// the first line of EVb is the eviction candidate

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zzrcxb @antoonpurnal