This package contains files required to reproduce the SMoTherSpectre exploit proof-of-concept on Skylake processors. For more details please refer to the short description or the arXiv paper. This work is a collaboration between the EPFL HexHive and PARSA labs, and IBM Research Zurich and joint work between Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, and Anil Kurmus.

Experiment details

---

The PoC will run NEXPTS experiments, each of which aims to leak a bit randomly generated by the victim.

For each bit, the attacker runs SMoTherSpectre for the same victim secret NSAMPLES times to get that many timing samples. Finally, it uses the mean of the samples to guess the secret bit.

Two files victim_secret.csv and attacker_guess.csv are generated on each run. On each line, the victim writes its secret, and the attacker its corresponding guess. We compare these files to calculate the attacker's accuracy.

Executing process.py (as described later) runs SMoTherSpectre for NEXPTS=1000 and for NSAMPLES in the range of one to nine. Finally, it prints the attacker's accuracy in guessing the victim's secret (randomly generated 0 or 1) for each value of NSAMPLES. On the lower side, an accuracy of around 0.5 (or lower) implies failure on the attacker's part, as any blind attacker always guessing the same value will get correct ~50% of the time. On the higher side, the attacker should be able to guess the victim's secret with

90% accuracy.

This has been tested on an i5-6200u (stepping 3) CPU running Ubuntu under the following combinations of distro, kernel and microcode.

Ubuntu	Kernel	ucode
16.04.1	4.4.0-31	0x88
16.04.1	4.4.0-142	0x88
18.04.1	4.15.0-45	0x88

Required packages

---

To run this package, required packages include:

• musl-dev
• gcc-4.8
• python3
• octave (optional, only if you want to run plot_hist.m)

Apart from the above, we shall require the standard set of packages (for eg. make)

How to run

---

• Set constant CPU frequency by setting the scaling_governor to performance (write performance to the files /sys/devices/system/cpu/cpufreq/policy*/scaling_governor where the * represents a core number)
• Disable turbo boost (by writing 1 to /sys/devices/system/cpu/intel_pstate/no_turbo)
• Load msr kernel module if using PMC (modprobe msr)
• Set CORE0 and CORE1 in the Makefile to two logical cores on the same physical core For example, on a 4-core (hyperthreaded) CPU, cores 1 and 5 might use the same physical core
• ./process.py (as sudo)
• (optional) Open octave/matlab to run plot_hist.m

Description of included files

---

• attacker.c : Core of SMoTherSpectre attack. Poisons BTB, times CRC32 instructions
• victim.c : Victim core. BTI gadget and SMoTher gadget.
• orchestrator.c : Setup and launch attacker, victim
• skeleton.c : Surrounding code for attacker/victim. Includes synchronization, PMC setup (if used) and dumping data to files
• process.py : Run the experiment for NSAMPLES varying between 1 and 10
• macros.h : Macros for assembly sequences used
• pmc.h : PMC (performance monitoring counters) header file
• pmc.c : Implementation of PMC access functions
• synch.h : Lightweight synchronization of processes based on shared memory
• util.h : Simple utilities
• Makefile : The usual
• musl-gcc.specs : Specs for musl-libc
• plot_hist.m : Plot histograms of attacker timings corresponding to different attacker secrets

Notes

---

• By default, the PoC enables the collection of PMC stats for the victim. Files named victim_pmcN.csv will contain statistics corresponding to counters specified as counter programmables[] in skeleton.c. As shipped, victim_pmc0.csv will contain cycles for ARITH.DIVIDER_ACTIVE. On CPUs supporting BR_MISP_EXEC.TAKEN_INDIRECT_JUMP_NON_CALL_RET PMC counter, victim_pmc1.csv will hold a non-zero value for every run where BTI succeeded.
• Loading the msr kernel module is solely to collect additional victim stats not used for the attack.
• To disable PMC stats, change the use_pmc argument to build function in process.py.
• The SMoTher gadget uses SMoTher-differentiable sequences of crc32 and or instructions (specific for Skylake processors). For non-Skylake processors, you might have to select corresponding SMoTher-differentiable sequences in place of crc32 and or.
  For more details, refer to the paper.
• To use the base microcode, disable microcode updates at boot time by the dis_ucode_ldr kernel option