SCAGuard

This repository contains the tools and scripts for running SCAGuard. <strong>File Tree</strong> <pre><code>├── README.md<br> ├── Analyze<br> ├── Detect<br> ├── Normalize.py<br> ├── xprint.py<br> ├── SCAGuard_AC.sh<br> ├── SCAGuard_VC.sh<br> ├── SCAGuard.conf<br> ├── bingraphvis-bugfix<br> ├── CacheSimulator<br> ├── CFG_gen.py<br> ├── Intel PT<br> └── collect.sh<br> </code></pre> This repo contains the SCAGuard and its configuration file, as well as the necessary tools to help running SCAGuard. bingraphvis-bugfix: A tool for dumping the CFG, here is a bug-fix version from https://github.com/axt/bingraphvis. CacheSimulator: A Cache simulator for generating Cache State Transition. Intel PT: The scripts and pintool for collecting memory addresses. Perf: The script for collecting HPC data. <strong>Requirements</strong> Python3.7 numpy 1.19.2 pydotplus 2.0.2 angr 9.0.5034 angr-utils 0.5.0 cfg-explorer 0.0.1 bingraphvis (our bug-fix version) beautifulsoup4 4.9.3 capstone 4.0.2 pyvex 9.0.5034 gensim 4.0.1 tslearn 0.5.0.5 <strong>Preparation</strong> <strong>Preparation for Pintool instrumentation</strong> We use <em>Intel pin</em> version 3.13-98189-g60a6ef199-gcc-linux. For building and running the pintool for memory access collection, do: <pre><code>cp Intel PT/dtrace.cpp /Path/TO/pin-3.13-98189-g60a6ef199-gcc-linux/source/tools/ManualExamples/<br> cp Intel PT/acompile.sh /Path/TO/pin-3.13-98189-g60a6ef199-gcc-linux/source/tools/ManualExamples/<br> cd pin-3.13-98189-g60a6ef199-gcc-linux/source/tools/ManualExamples/<br> ./acompile.sh<br> </code></pre> <strong>Preparation for Cache Simulation</strong> To obtain the Cache State Transition, we modify a Cache Simulator from CacheSim. To use cache simulator, do: <code>cd CacheSimulator</code> Edit <code>main.cpp</code>, and modify the <code>cache line size</code>, <code>cache ways</code>, and <code>cache size</code>. <code>mkdir build</code> <code>cd build</code> <code>cmake ../</code> <code>make</code> Set the path of <code>CacheSim</code> binary program at <code>cachetool_path</code> in <code>./SCAGuard.conf</code> <strong>Preparation for HPC Data Collection</strong> We use <em>perf</em> version 5.9.10 (You may need to improve your kernel version). To use perf, do: <code>sudo sh -c 'echo 1 &gt;/proc/sys/kernel/perf_event_paranoid'</code> <code>sudo sh -c "echo 0 &gt; /proc/sys/kernel/kptr_restrict"</code> <strong>Preparation for CFG Collection</strong> We need to set a specific directory that contains the binaries need to generate CFGs. Open <code>./CFG_gen.py</code> Set the specific directory at <code>CFG_Path</code>. <strong>Preparation for SCAGuard</strong> Before use the SCAGuard, we need to set the paths of the necessary data and tools for SCAGuard. Open <code>./SCAGuard.conf</code> Set a path that contains samples at <code>file_path</code> . The samples could be selected from https://figshare.com/articles/dataset/DataSet/20528937. Set a path to store log files at <code>log_path</code>. Set the path of Intel Pin at <code>intelpin_path</code>. Set the path of Cache Simulator at <code>cachetool_path</code>. Set the directory that contains PoCs at <code>POC_dir</code>. We also need to set the path for each PoC. The path of Flush+Reload/ Prime+Probe/ with Spectre (Flush+Reload based)/ Spectre (Prime+Probe based) should be filled at <code>POC_fr</code>/<code>POC_pp</code>/<code>POC_frspectre</code>/<code>POC_ppspectre</code> respectively. Similarly, the path to the target programs also needs to be set. The path of Flush+Reload/ Prime+Probe/ Spectre (Flush+Reload based)/ Spectre (Prime+Probe based)/Benign Programs/Obfuscated Flush+Reload/Obfuscated Prime+Probe can be set at <code>FR_dir</code>/ <code>PP_dir</code> / <code>FRSpectre_dir</code>/ <code>PPSpectre_dir</code>/ <code>Benign_dir</code>/<code>O_FR_dir</code>/<code>O_PP_dir</code>, respectively. <strong>How to use SCAGuard</strong> <strong>Data Collection</strong> Leverage the script <code>collect.sh</code> to collect the HPC data of each sample. Then you will get the HPC data file <code>*.out.txt</code> for each sample. Use <code>Python3.7 ./CFG_gen.py</code> to generate the CFGs of the samples. Then the CFG data file <code>*.out.dot</code> is generated for each sample. <strong>Data Analysis</strong> To extract the attack-related basic blocks for attack modeling, Data Analysis is necessary by executing <code>./Analyze</code>. <strong>E1: Mutated-variant classification.</strong> To get the data in Table VI E1, use:<br> <code>./SCAGuard_AC.sh</code> <strong>E2: Spectre-like variant classification.</strong> To get the data in Table VI E2, use: ​ <code>./SCAGuard_VC.sh</code> <strong>E3: Classification of other attack family’s variants (Generalizability).</strong> To get the data in Table VI E3-1, use: ​ <code>./SCAGuard_FC-1.sh</code> To get the data in Table VI E3-2, use: ​ <code>./SCAGuard_FC-2.sh</code> <strong>E4: Obfuscated variant classification (Robustness).</strong> To get the data in Table VI E4, use: ​ <code>./SCAGuard_OC.sh</code>