Analyzing Microarchitectural Side-Channel Attacks Using Open-source gem5 simulator

Microarchitectural side-channel attacks exploit subtle hardware behaviors, such as cache activity and instruction retirement patterns, to extract sensitive information. Understanding these attacks is essential for developing effective mitigations. However, real hardware imposes limitations on observability and experimental flexibility. The gem5 simulator, an open-source and highly extensible architectural simulator, provides a powerful environment for analyzing these attacks with fine-grained control over execution, memory access, and timing behaviors. In this presentation, I will demonstrate how gem5 can be used to evaluate side-channel vulnerabilities, focusing on attack scenarios such as Flush+Fault and Access-Retired attacks targeting the RISC-V architecture. By simulating both attack and non-attack conditions under controlled settings, gem5 enables precise identification of attack patterns. These datasets can then be used to train machine learning (ML) models for classifying microarchitectural events with high accuracy. By leveraging gem5’s multi-ISA support, full-system simulation, and cycle-accurate modeling, researchers gain deeper insights into attack mechanisms, accelerate the prototyping of detection techniques, and design architectures resilient to both known and emerging side-channel threats. This approach not only enhances detection capabilities but also informs secure hardware-software co-design strategies.