2025-07-03, 14:40–15:00 (Europe/Paris), Amphitheater 122
Microarchitectural side-channel attacks exploit subtle hardware behaviors, such as cache activity and instruction retirement patterns, to extract sensitive information. Understanding these attacks is essential for developing effective mitigations. However, real hardware imposes limitations on observability and experimental flexibility. The gem5 simulator, an open-source and highly extensible architectural simulator, provides a powerful environment for analyzing these attacks with fine-grained control over execution, memory access, and timing behaviors.
In this presentation, I will demonstrate how gem5 can be used to evaluate side-channel vulnerabilities, focusing on attack scenarios such as Flush+Fault and Access-Retired attacks targeting the RISC-V architecture. By simulating both attack and non-attack conditions under controlled settings, gem5 enables precise identification of attack patterns. These datasets can then be used to train machine learning (ML) models for classifying microarchitectural events with high accuracy.
By leveraging gem5’s multi-ISA support, full-system simulation, and cycle-accurate modeling, researchers gain deeper insights into attack mechanisms, accelerate the prototyping of detection techniques, and design architectures resilient to both known and emerging side-channel threats. This approach not only enhances detection capabilities but also informs secure hardware-software co-design strategies.
Mahreen Khan is a first-year PhD researcher at Télécom Paris, IP Paris, specializing in microarchitectural security. Her research focuses on side-channel attacks, their impact on modern processor architectures, and potential mitigation strategies.
She completed her Master’s in Integrated Circuit Design in 2024 at Télécom Paris, where she specialized in VLSI, digital/analog IC design, and hardware security. She developed expertise in semiconductor design, low-power architectures, and microarchitecture.
Currently, she explores security vulnerabilities using architectural simulators like gem5, contributing to a deeper understanding of microarchitectural threats and defenses.