
THU-HAS/PPA

PPA: Novel Page Prefetcher-Based Side-Channel Attacks

Research-only microbenchmark for characterizing Intel Xeon “page prefetcher” behaviors described in PPA: Novel Page Prefetcher-Based Side-Channel Attacks.

What this PoC demonstrates

This PoC provides a repeatable harness to observe:

  • Cross-page prefetch effects.
  • IP-indexing collision.
  • Speculation-triggered prefetch.

How to reproduce

Hardware & Software Environment

  • Target CPUs: Intel Xeon platforms where the “page prefetcher” behavior is observable (as in the paper’s evaluation setup).
  • Best results on a mostly idle, dedicated machine.
  • Operating System: Linux (tested on Ubuntu 20.04 and similar).
  • Compiler: gcc or clang.

How to build and run

  • The existence of cross-page prefetch effects can be observed by running the following commands:
cd pocs
make run_page_prefetcher

Expect output similar to the following; exact values vary with hardware and environment:

mkdir -p ./out
cc -o ./out/page_prefetcher -O0 page_prefetcher.c
taskset -c 0 ./out/page_prefetcher \
     25      15      1      0      0
range: 25, train_range: 15, stride: 1, train_offset: 0, probe_offest: 0
(t)page_idx: 0  , page_idx*stride: 0  , timing: 38  (cycle)
(t)page_idx: 1  , page_idx*stride: 1  , timing: 36  (cycle)
(t)page_idx: 2  , page_idx*stride: 2  , timing: 38  (cycle)
(t)page_idx: 3  , page_idx*stride: 3  , timing: 36  (cycle)
(t)page_idx: 4  , page_idx*stride: 4  , timing: 32  (cycle)
(t)page_idx: 5  , page_idx*stride: 5  , timing: 32  (cycle)
(t)page_idx: 6  , page_idx*stride: 6  , timing: 30  (cycle)
(t)page_idx: 7  , page_idx*stride: 7  , timing: 32  (cycle)
(t)page_idx: 8  , page_idx*stride: 8  , timing: 32  (cycle)
(t)page_idx: 9  , page_idx*stride: 9  , timing: 32  (cycle)
(t)page_idx: 10 , page_idx*stride: 10 , timing: 30  (cycle)
(t)page_idx: 11 , page_idx*stride: 11 , timing: 30  (cycle)
(t)page_idx: 12 , page_idx*stride: 12 , timing: 30  (cycle)
(t)page_idx: 13 , page_idx*stride: 13 , timing: 34  (cycle)
(t)page_idx: 14 , page_idx*stride: 14 , timing: 32  (cycle)
(p)page_idx: 15 , page_idx*stride: 15 , timing: 32  (cycle)  <-- Prefetched!
(p)page_idx: 16 , page_idx*stride: 16 , timing: 234 (cycle)
(p)page_idx: 17 , page_idx*stride: 17 , timing: 228 (cycle)
(p)page_idx: 18 , page_idx*stride: 18 , timing: 230 (cycle)
(p)page_idx: 19 , page_idx*stride: 19 , timing: 230 (cycle)
(p)page_idx: 20 , page_idx*stride: 20 , timing: 260 (cycle)
(p)page_idx: 21 , page_idx*stride: 21 , timing: 230 (cycle)
(p)page_idx: 22 , page_idx*stride: 22 , timing: 258 (cycle)
(p)page_idx: 23 , page_idx*stride: 23 , timing: 240 (cycle)
(p)page_idx: 24 , page_idx*stride: 24 , timing: 262 (cycle)
(p)page_idx: 25 , page_idx*stride: 25 , timing: 158 (cycle)

If no "<-- Prefetched!" lines appear, try re-running the benchmark.
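
Because results vary between runs, it helps to classify the timing lines offline and count how often each probe page comes back fast. The script below is an added example, not part of the PPA repository; the function names, the 2x-median threshold and the two sample runs are assumptions constructed for illustration.

```python
import re
import statistics
from collections import Counter

# Matches the harness's timing lines: (t) = trained page, (p) = probed page.
LINE_RE = re.compile(
    r"\((?P<kind>[tp])\)page_idx:\s*(?P<idx>\d+)\s*,\s*page_idx\*stride:\s*\d+\s*,"
    r"\s*timing:\s*(?P<cyc>\d+)\s*\(cycle\)"
)

# Constructed sample: two runs in the harness's output format (not captured data).
RUN_A = """\
(t)page_idx: 13 , page_idx*stride: 13 , timing: 34  (cycle)
(t)page_idx: 14 , page_idx*stride: 14 , timing: 32  (cycle)
(p)page_idx: 15 , page_idx*stride: 15 , timing: 32  (cycle)  <-- Prefetched!
(p)page_idx: 16 , page_idx*stride: 16 , timing: 234 (cycle)
"""
RUN_B = """\
(t)page_idx: 13 , page_idx*stride: 13 , timing: 30  (cycle)
(t)page_idx: 14 , page_idx*stride: 14 , timing: 36  (cycle)
(p)page_idx: 15 , page_idx*stride: 15 , timing: 228 (cycle)
(p)page_idx: 16 , page_idx*stride: 16 , timing: 240 (cycle)
"""

def parse_run(text):
    """Return [(kind, page_idx, cycles)] for every timing line in one run."""
    return [(m["kind"], int(m["idx"]), int(m["cyc"]))
            for m in LINE_RE.finditer(text)]

def fast_probe_pages(rows, margin=2.0):
    """Probe pages whose latency is within margin x the median trained latency.

    The margin is an assumed heuristic; tune it to the hit/miss gap on your CPU.
    """
    trained = [c for k, _, c in rows if k == "t"]
    if not trained:
        raise ValueError("run has no (t) lines, so there is no hit baseline")
    threshold = margin * statistics.median(trained)
    return [i for k, i, c in rows if k == "p" and c <= threshold]

def hit_rate(runs, margin=2.0):
    """Fraction of runs in which each probe page was classified as fast."""
    counts = Counter()
    for text in runs:
        counts.update(fast_probe_pages(parse_run(text), margin))
    return {idx: n / len(runs) for idx, n in sorted(counts.items())}

if __name__ == "__main__":
    print(hit_rate([RUN_A, RUN_B]))
```

Feeding it the saved output of several runs gives a per-page rate that can be compared across machines or configurations.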

Other experiments (IP-indexing collision sensitivity, speculative trigger) can be run by building and executing the corresponding PoC files in the pocs/ directory.

cd pocs
make run_out_of_place_trigger
make run_speculative_prefetch

Disclaimer

This code is provided for research purposes only.

About

PoC of "PPA: Novel Page Prefetcher-Based Side-Channel Attacks" (AsianHOST 2025)
