From 604a544978f538b5d128284a7e1a9fa9b868b986 Mon Sep 17 00:00:00 2001 From: Yuheng Yang Date: Thu, 1 Feb 2024 16:12:05 -0500 Subject: [PATCH] 2024 release --- README.md | 2 +- index.html | 185 ------------------------------------------------ part1/warmup.js | 2 +- part2/eval.py | 28 ++++---- part2/worker.js | 6 +- part3/eval.py | 28 ++++---- part3/worker.js | 6 +- report.md | 89 +++++++++++++++++++++++ update.sh | 48 ------------- 9 files changed, 125 insertions(+), 269 deletions(-) delete mode 100644 index.html create mode 100644 report.md delete mode 100644 update.sh diff --git a/README.md b/README.md index e4ace86..9d91c29 100644 --- a/README.md +++ b/README.md @@ -9,4 +9,4 @@ In this lab, students implement the techniques from our group's ISCA 2022 paper `There's Always a Bigger Fish: A Case Study of a Misunderstood Timing Side Channel`. Students will begin by implementing a seemingly familiar cache-based side channel attack in Javascript, and will then be asked to reason about why this attack works. Then, students will remove a core part of the attack, but see that the code still works. **Setup** -Students can complete this lab on their own machines. MacOS, Linux, Windows all should work. Google Chrome is required for Part 4 of this lab. +Students can complete this lab on their own machines. MacOS, Linux, Windows all should work. diff --git a/index.html b/index.html deleted file mode 100644 index eff4b48..0000000 --- a/index.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - Website Fingerprinting Lab - - - -

Website Fingerprinting Lab

-
- - -
-
- - - - diff --git a/part1/warmup.js b/part1/warmup.js index 1854ddb..ca66d1b 100644 --- a/part1/warmup.js +++ b/part1/warmup.js @@ -1,7 +1,7 @@ const runs = 10; function measureOneLine() { - const LINE_SIZE = 16; // 64/sizeof(int) + const LINE_SIZE = 32; // 128/sizeof(int) let result = []; // Fill with -1 to ensure allocation diff --git a/part2/eval.py b/part2/eval.py index 9920907..94f7c50 100644 --- a/part2/eval.py +++ b/part2/eval.py @@ -6,22 +6,22 @@ from sklearn.metrics import classification_report from sklearn.model_selection import train_test_split def eval(): - y_pred_full, y_test_full = [], [] + y_pred_full, y_test_full = [], [] - # Re-train 10 times in order to reduce effects of randomness - for i in range(10): - ### TODO: Exercise 2-4 - ### 1. Load data from traces file - ### 2. Split data into X_train, X_test, y_train, y_test with train_test_split - ### 3. Train classifier with X_train and y_train - ### 4. Use classifier to make predictions on X_test. Save the result to a variable called y_pred + # Re-train 10 times in order to reduce effects of randomness + for i in range(10): + ### TODO: Exercise 2-5 + ### 1. Load data from traces file + ### 2. Split data into X_train, X_test, y_train, y_test with train_test_split + ### 3. Train classifier with X_train and y_train + ### 4. Use classifier to make predictions on X_test. Save the result to a variable called y_pred - # Do not modify the next two lines - y_test_full.extend(y_test) - y_pred_full.extend(y_pred) + # Do not modify the next two lines + y_test_full.extend(y_test) + y_pred_full.extend(y_pred) - ### TODO: Exercise 2-4 (continued) - ### 5. Print classification report using y_test_full and y_pred_full + ### TODO: Exercise 2-5 (continued) + ### 5. Print classification report using y_test_full and y_pred_full if __name__ == "__main__": - eval() + eval() diff --git a/part2/worker.js b/part2/worker.js index fed89d2..4f00e5d 100644 --- a/part2/worker.js +++ b/part2/worker.js @@ -1,6 +1,6 @@ // Number of sweep counts -// TODO: Choose an appropriate value! -let P; +// TODO (Exercise 2-1): Choose an appropriate value! +let P = 1000; // Number of elements in your trace let K = 5 * 1000 / P; @@ -21,7 +21,7 @@ function record() { // Save start timestamp start = performance.now(); - // TODO: Record data for 5 seconds and save values to T. + // TODO (Exercise 2-1): Record data for 5 seconds and save values to T. // Once done recording, send result to main thread postMessage(JSON.stringify(T)); diff --git a/part3/eval.py b/part3/eval.py index ceedece..94f7c50 100644 --- a/part3/eval.py +++ b/part3/eval.py @@ -6,22 +6,22 @@ from sklearn.metrics import classification_report from sklearn.model_selection import train_test_split def eval(): - y_pred_full, y_test_full = [], [] + y_pred_full, y_test_full = [], [] - # Re-train 10 times in order to reduce effects of randomness - for i in range(10): - ### TODO: Exercise 5 - ### 1. Load data from traces file - ### 2. Split data into X_train, X_test, y_train, y_test with train_test_split - ### 3. Train classifier with X_train and y_train - ### 4. Use classifier to make predictions on X_test. Save the result to a variable called y_pred + # Re-train 10 times in order to reduce effects of randomness + for i in range(10): + ### TODO: Exercise 2-5 + ### 1. Load data from traces file + ### 2. Split data into X_train, X_test, y_train, y_test with train_test_split + ### 3. Train classifier with X_train and y_train + ### 4. Use classifier to make predictions on X_test. Save the result to a variable called y_pred - # Do not modify the next two lines - y_test_full.extend(y_test) - y_pred_full.extend(y_pred) + # Do not modify the next two lines + y_test_full.extend(y_test) + y_pred_full.extend(y_pred) - ### TODO: Exercise 5 (continued) - ### 5. Print classification report using y_test_full and y_pred_full + ### TODO: Exercise 2-5 (continued) + ### 5. Print classification report using y_test_full and y_pred_full if __name__ == "__main__": - eval() + eval() diff --git a/part3/worker.js b/part3/worker.js index fed89d2..1200b11 100644 --- a/part3/worker.js +++ b/part3/worker.js @@ -1,6 +1,6 @@ // Number of sweep counts -// TODO: Choose an appropriate value! -let P; +// TODO (Exercise 3-1): Choose an appropriate value! +let P = 1000; // Number of elements in your trace let K = 5 * 1000 / P; @@ -21,7 +21,7 @@ function record() { // Save start timestamp start = performance.now(); - // TODO: Record data for 5 seconds and save values to T. + // TODO (Exercise 3-1): Record data for 5 seconds and save values to T. // Once done recording, send result to main thread postMessage(JSON.stringify(T)); diff --git a/report.md b/report.md new file mode 100644 index 0000000..2648cdc --- /dev/null +++ b/report.md @@ -0,0 +1,89 @@ + + +## Optional + +**Report your browser version, CPU type, cache size, RAM amount, and OS. We use this information to learn about the attack’s behavior on different machines.** + +- Browser: +- CPU: +- Cache sizes: +- RAM: +- OS: + + + + +## 1-2 + +**Use the values printed on the webpage to find the median access time and report your results as follows.** + +| Number of Cache Lines | Median Access Latency (ms) | +| --------------------- | -------------------------- | +| 1 | | +| 10 | | +| 100 | | +| 1,000 | | +| 10,000 | | +| 100,000 | | +| 1,000,000 | | +| 10,000,000 | | + + + + +## 1-3 + +**According to your measurement results, what is the resolution of your `performance.now()`? In order to measure differences in time with `performance.now()``, approximately how many cache accesses need to be performed?** + + + + +## 2-2 + +**Report important parameters used in your attack. For each sweep operation, you access N addresses, and you count the number of sweep operations within a time interval P ms. What values of N and P do you use? How do you choose N? Why do not you choose P to be larger or smaller?** + + + + +## 2-3 + +**Take screenshots of the three traces generated by your attack code and include them in the lab report.** + +![Screenshot of traces](./part2/Screenshot.png) + + + + +## 2-4 + +**Use the Python code we provided in Part 2.1 to analyze simple statistics (mean, median, etc.) on the traces from google.com and nytimes.com. Report the statistic numbers.** + + + + +## 2-6 + +**Include your classification results in your report.** + +``` + +``` + + + + +## 3-2 + +**Include your new accuracy results for the modified attack code in your report.** + +``` + +``` + + + + +## 3-3 + +**Compare your accuracy numbers between Part 2 and 3. Does the accuracy decrease in Part 3? Do you think that our “cache-occupancy” attack actually exploits a cache side channel? If not, take a guess as to possible root causes of the modified attack.** + diff --git a/update.sh b/update.sh deleted file mode 100644 index 3de44f5..0000000 --- a/update.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# Updates repository to latest starter code -# -# Adapted from Oliver Beckstein's ASU-CompMethodsPhysics-PHY494 course 2016-2020 placed into the public domain - -# With GitHub template repositories one needs to use --allow-unrelated-histories -# at least once. https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template - -progname="$0" -REMOTE_NAME="startercode" -REMOTE_URL="https://github.com/CSAIL-Arch-Sec/SHD-WebsiteFingerprintingLab.git" - -# progname, from top dir -UPDATESH="./deploy/$(basename $progname)" - -CONTACT_MESSAGE="Contact the instructor and TA with a screen shot of ALL output from running $0." - -function die () { - local msg="$1" err=${2:-1} - echo "ERROR: ${msg}." - exit $err -} - -# ensure everything relative to top dir -topdir="$(git rev-parse --show-toplevel)" || die "Failed to get rootdir" -cd "${topdir}" || die "Failed to get to the git root dir ${rootdir}" - - -# first time -# 1. set remote repo -# 2. merge histories between student (template) and remote skeleton - -if ! git remote get-url ${REMOTE_NAME} >/dev/null 2>&1; then - echo "Adding remote repository '${REMOTE_NAME}'." - git remote add ${REMOTE_NAME} ${REMOTE_URL} - - echo "Merging histories for the first time..." - set -x - git pull --allow-unrelated-histories -s recursive -X theirs --no-edit ${REMOTE_NAME} main || \ - { git rev-list -1 MERGE_HEAD >/dev/null 2>&1 && git merge --abort ; \ - git remote rm ${REMOTE_NAME}; \ - die "Failed to merge histories. ${CONTACT_MESSAGE}" $?; } - - set +x -fi - -echo "updating repository... git pull from ${REMOTE_NAME}" -git pull --no-edit ${REMOTE_NAME} main || die "Failed to pull from ${REMOTE_NAME}. ${CONTACT_MESSAGE}"