Artifact for IMPACT DSN 2025 Paper

This repository provides all the necessary files and instructions to reproduce the results of our DSN 2025 paper.

Nisa F. Bostanci, Konstantinos Kanellopoulos, Ataberk Olgun, Giray Yaglikci, Ismail Yuksel, Nika Mansouri Ghiasi, Zulal Bingöl, Mohammad Sadrosadati, Onur Mutlu "Revisiting Main Memory-Based Covert and Side Channel Attacks in the Context of Processing-in-Memory" DSN'25. Paper PDF

Please use the following citation if this repository is useful for your work:

@inproceedings{fbostanci2025dsn,
    title={{Revisiting Main Memory-Based Covert and Side Channel Attacks in the Context of Processing-in-Memory}},
    author={Fatma Nisa Bostanci, Konstantinos Kanellopoulos, Ataberk Olgun, Giray Yaglikci, Ismail Yuksel, Nika Mansouri Ghiasi, Zulal Bingöl, Mohammad Sadrosadati, Onur Mutlu},
    year={2025},
    booktitle={DSN}
}

Reproduction of Results

This artifact contains the code and instructions to reproduce the main results paper.

• Figure 8: PNM and PUM Proof of Concept (POC) attacks. In this figure, we demonstrate the PNM and PUM attacks using the Sniper simulator. The figure shows the timings observed by the sender and receiver, as well as the duration of the attack and the correctness of the received data.
• Figure 9: PNM, DRAMA (clflush), DRAMA (eviction sets), PUM, and DMA attacks. In this figure, we show the throughput of the attacks in terms of Mbits per second. The figure compares the performance of different attacks and their effectiveness in leaking data.
• Figure 10: PNM and PUM latency for both the sender and receiver. In this figure, we show the latency of the PNM and PUM attacks for both the sender and receiver. The figure highlights the differences in latency between the two attacks and their impact on attack throughput.
• Figure 12: Defense mechanism experiments. In this figure, we compare the performance of different defense mechanisms against the PNM and PUM attacks. The figure shows the performance overheads of the defense mechanisms compared to the baseline system.

Table of Contents

1. Prerequisites & System Requirements
2. Script Overview
3. Setup Instructions
   • 3.1. Dependency Installation
   • 3.2. Conda Environment Setup
   • 3.3. Building the Attacks and Simulator
4. Running the Main Script
   • 4.1. Basic Example Run
   • 4.2. Running Attacks for Figure 9
     • 4.2.1. PNM Attack
     • 4.2.2. DRAMA Attack (clflush)
     • 4.2.3. DRAMA Attack (Eviction sets)
     • 4.2.4. PUM Attack
     • 4.2.5. DMA Attack
   • 4.3. Running Attacks for Figure 8 and 10 (PNM POC)
   • 4.4. Running Attacks for Figure 8 and 10 (PUM POC)
   • 4.5. Running Defense Mechanism Experiments for Figure 12
5. Post-Execution Steps
6. Troubleshooting
7. File Structure
8. Notes
9. Contact

1. Prerequisites & System Requirements

All prerequisites are satisfied by the scripts (install_dependencies.sh and artifact.sh), but it is essential to understand the requirements before running the script:

• Linux Operating System: The script is designed for a Linux environment. It has been tested on #66-Ubuntu SMP with kernel version 5.15.0-60-generic.
• Bash: We need access to bash and packages like wget, tar, and make.
• Python 3: The script uses Python 3.10. We add the ppa:deadsnakes/ppa so that we can install the latest version of Python 3.10 development packages.
• Conda: For managing Python environments. Specifically, Miniconda is recommended to avoid installing a large number of packages by default. Download Miniconda
• Internet Connection: For downloading dependencies, packages and the traces.
• Sufficient Disk Space: For building the simulator and storing results. The simulator build process and the storage of results require several ~10GB (max 20GB) of space.
• Memory: Running all the defense experiments in parallel requires at least 128GB of RAM and we suggest >64 cores.

2. Script Overview

The provided bash script automates the following tasks:

• Dependency Installation: Checks for and executes install_dependencies.sh if it exists. This script should contain OS-level dependencies (e.g., build tools).
• Conda Environment Setup: We use global-level Python 3.10 for the attack and defense scripts.
• Building Attacks and Simulator: Compiles the impact covert channel attack code for all attack vectors and the sniper simulator.
• Running Examples: Intended to execute a basic example to verify the simulator setup.
• Attack Execution: Executes various attack scripts (PNM, DRAMA-clflush, DRAMA-evict, PUM, DMA) to generate the leakage throughput shown in Figure 9.
• Proof of Concept (POC) Attack Execution: Executes POC attack scripts for PNM and PUM to generate the exact timings for each attack and the duration of the sender/receiver (Figure 8 and 10).
• Defense Mechanism Experiments: Executes scripts to run defense mechanism experiments (Figure 12) and generate results.

3. Setup Instructions

3.1. Dependency Installation

Run the Installation Script:

cd impact_artifact
sh install_dependencies.sh
bash 
conda activate impact310

3.2. Conda Environment Setup

1. Install Miniconda: It is recommended to use Miniconda. The script downloads the appropriate installer for your system so that we can avoid installing a large number of packages by default.
2. Run the Installer: Executes the downloaded .sh file (e.g., bash Miniconda3-latest-Linux-x86_64.sh). Follow the on-screen instructions. Accept the license agreement, and choose an installation location (the ./impact_artifact directory is recommended).
3. Open a New Terminal: Open a new terminal window for the changes to your shell configuration to take effect. You should now be able to use the conda command.

4. Running the Main Script

Run the Main Script: Execute the main bash script which will:

• Initialize and create the conda environment named impact with Python 3.10
• Build the attacks and simulator.
• Run the basic example.
• Run the attacks for Figure 8,9,10.
• Run the defense mechanism experiments for Figure 12.

#Inside the root of the repo directory
sh artifact.sh 

4.0 Conda Environment Creation and Compilation

Conda Initialization: The script will initialize conda if it is not already initialized. Environment Creation: The script will create a conda environment named impact with Python 3.10

4.1 Building the Attacks and Simulator

1. Navigates to the Impact Directory: The script will navigate to the impact/covert_channel_attack/ directory. Ensure this directory exists.
2. Cleans and Builds: It will clean and build the attack code using make clean and make all. Ensure that a Makefile is present in the impact/covert_channel_attack/ directory and that the necessary source files for the attacks are present. A single Makefile is used to build all the attacks.
3. Navigates to the Simulator Directory: The script will navigate to the simulator/sniper directory. Ensure this directory exists and contains the Sniper simulator source code.
4. Cleans and Builds: It will clean and build the simulator using make distclean and make -j$(nproc). Ensure that a Makefile is present in the simulator/sniper directory.

After running the script, you should hopefully have all the figures in the results_attacks/ and results_defense/ directories.**

4.1.1 Basic Example Run

• The script executes a basic example using the simulator.
• This step verifies that the simulator is built correctly and that the basic execution environment is working. You will need to have a valid Sniper configuration file.

4.2. Running Attacks for Figure 9

The script executes the following attacks. It creates result directories in $home_dir/results_attacks/. Ensure that the necessary Python scripts are located in the $home_dir/impact/covert_channel_attack/script/ directory. For simplicity, we execute the attacks in a simulated system with 16 banks (transmitting 16 bits per iteration).

4.2.1. PNM Attack

python3 $home_dir/impact/covert_channel_attack/script/run_pnm.py $home_dir 16 $home_dir/results_attacks/pnm

4.2.2. DRAMA Attack (clflush) https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl

python3 $home_dir/impact/covert_channel_attack/script/run_drama.py $home_dir 16 $home_dir/results_attacks/drama

4.2.3. DRAMA Attack (eviction sets) https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl

python3 $home_dir/impact/covert_channel_attack/script/run_drama_ev.py $home_dir 16 $home_dir/results_attacks/drama_ev

4.2.4. PUM Attack

python3 $home_dir/impact/covert_channel_attack/script/run_pum.py $home_dir 16 $home_dir/results_attacks/pum

4.2.5. DMA Attack

python3 $home_dir/impact/covert_channel_attack/script/run_dma.py $home_dir 16 $home_dir/results_attacks/dma

4.3. Running Attacks for Figure 8 and 10 (PNM POC)

python3 $home_dir/impact/covert_channel_attack/script/run_pnm_poc.py $home_dir 16 $home_dir/results_attacks/pnm_poc

4.4. Running Attacks for Figure 8 and 10 (PUM POC)

python3 $home_dir/impact/covert_channel_attack/script/run_pum_poc.py $home_dir 16 $home_dir/results_attacks/pum_poc

4.5. Running Defense Mechanism Experiments for Figure 12

• Download Traces: The script downloads and extract trace files for the defense experiments.
• Create Jobfile: The script uses create_jobfile_impact.py to generate a job file for running defense simulations with the Sniper simulator. Ensure this script is in $home_dir/scripts/.
• Execute Jobfile: The script executes the generated job file using sh. This will likely launch multiple Sniper simulations which will be running in parallel in the background. You need a system with at least 128GB of RAM to run all the defense experiments in parallel. It will take ~1-2 hours to run all the experiments depending on your system.

wget https://storage.googleapis.com/traces_virtual_memory/traces_victima
tar -xzf ./traces_victima
mv ./traces_victima $home_dir/traces


mkdir -p $home_dir/results_defense/ # Store the results of the defense experiments here
mkdir -p $home_dir/outputs_defense/ # Store the outputs of the defense experiments here
python3 $home_dir/scripts/create_jobfile_impact.py $home_dir $home_dir/scripts/defenses.jobfile

sh $home_dir/scripts/defenses.jobfile

5. Post-Execution Steps

• Install Plotting Dependencies

pip install numpy matplotlib pandas

• Run Plotting Scripts The script creates Figures 8, 9, 10 and 12 under $home_dir/figures/ directory.

sh plot_figures.sh

• Review Results: Review Figures 8,9,10,12 in the figures/ directory.

6. Troubleshooting

Build Errors

• Check the output of make commands for errors. Look for messages about missing dependencies, header files, or compilation failures.
• Ensure all build tools (e.g., gcc, g++, make) are installed correctly. The install_dependencies.sh script should handle this.
• Clean the build directories (make clean and make distclean) before rebuilding.

Python Errors

• Verify the correct Python versions are being used. The conda environment should use Python 3.10. Use which python and python --version to check.

Missing Files

• Double-check that all necessary files (e.g., scripts, configuration files, Makefiles) are present in the correct directories. The script assumes a specific directory structure.
• Verify that the file paths in the script are correct for your system. The script uses $home_dir, which should resolve to the directory where the script is located.

Permission Issues

• Ensure the script has execute permissions (chmod +x artifact.sh).
• Ensure that you have write permissions to the directories where the results are being written (e.g., results_attacks/, results_defense/).

7. File Structure

The script assumes the following file structure:

impact_artifact/
├── artifact.sh (main script)
├── install_dependencies.sh (dependency installation script)
├── plot_figures.sh (plotting script)
├── README.md
├── conda/
│   └── ... (conda installation) 
├── impact/
│   └── covert_channel_attack/
│       ├── Makefile
│       ├── $attack_code$ ..        (Source code for attacks)
│       └── script/
│           ├── run_pnm.py
│           ├── run_drama.py
│           ├── run_drama_ev.py
│           ├── run_pum.py
│           ├── run_dma.py
│           ├── run_pnm_poc.py
│           ├── run_pum_poc.py
├── simulator/
│   └── sniper/
│       ├── Makefile
│       ├── common/       (Sniper simulator source code)
│       └── config/
│           └── impact_configs/
│               └── impact_baseline.cfg
├── scripts/
│   ├── create_jobfile_impact.py
│   ├── defenses.jobfile (generated)
│   ├── parse_results.py (creates the CSV for Figure 12)
│   ├── fig8_plotter.py
│   ├── fig9_plotter.py
│   ├── fig10_plotter.py
│   ├── fig12_plotter.py
├── results_attacks/
│   ├── pnm/       (Output from PNM attack for Figure 9)
│   ├── drama/     (Output from DRAMA attack for Figure 9)
│   ├── drama_ev/  (Output from DRAMA (eviction sets) attack for Figure 9)
│   ├── pum/       (Output from PUM attack for Figure 9)
│   ├── dma/       (Output from DMA attack for Figure 9)
│   ├── pnm_poc/   (Output from PNM POC attack for Figure 8 and 10)
│   ├── pum_poc/   (Output from PUM POC attack for Figure 8 and 10)
|   |── ...        (Results for these attacks will be here)
├── results_defense/ (Output from defense experiments)
|── outputs_defense/ (Output from defense experiments - only for debugging)
└── traces/        (For defense experiments)

8. Notes

• Script Location: It is recommended to run the script from the root directory of the project, as it relies on relative paths.
• Output Directories: The script creates several output directories (e.g., results_attacks/, results_defense/). Ensure that you have write permissions to the directory where you run the script.
• Configuration: The script uses a Sniper simulator configuration file (impact_baseline.cfg). Ensure that this file is correctly configured for your system and the experiments you want to run.
• Traces: The defense mechanism experiments may require trace files. The script includes commented-out lines to download example traces. You may need to download these or provide your own traces.
• Memory Requirements: Building the simulator can require a significant amount of memory. Ensure your system has sufficient RAM (e.g., 128GB or more is recommended).
• Execution Time: Building the simulator and running the attacks can take a significant amount of time, depending on your system's hardware and the complexity of the experiments. The -j$(nproc) option in the make command helps to speed up the build process by using multiple processor cores.

9. Contact

For questions or issues related to the artifact, please contact the authors: Nisa Bostanci(nisa.bostanci@safari.ethz.ch) and Konstantinos Kanellopoulos (konkanello@gmail.com).