An important step to protect software against side-channel vulnerability is to rigorously evaluate it on the target hardware using standard leakage tests. Recently, leakage estimation tools have received a lot of attention to improve this time-consuming process. Despite their advancements, existing tools often neglect the impact of microarchitecture and its underlying events in their leakage model which leads to inaccuracies. This paper takes the first step in addressing these issues by integrating a physical side-channel leakage estimation tool into a microarchitectural simulator. To achieve this, we first systematically explore the impact of various architecture and microarchitecture activities and their underlying interactions on the produced physical side-channel signals and integrate that into the microarchitecture model. Second, to create a comprehensive leakage estimation report, we leverage taint tracking and symbolic execution to accurately analyze different paths and inputs. The final outcome of this work is a tool that takes a binary and generates a leakage report that covers architecture and microarchitecture-related leakages for both data-dependent and path-dependent information leakage scenarios.

中文翻译：

---

模拟我们的更安全软件之路：集成微架构模拟和泄漏估计建模的故事

保护软件免受旁道漏洞影响的一个重要步骤是使用标准泄漏测试在目标硬件上对其进行严格评估。最近，泄漏估计工具受到了广泛关注，以改善这一耗时的过程。尽管取得了进步，但现有工具常常忽略微架构及其泄漏模型中的潜在事件的影响，从而导致不准确。本文通过将物理侧信道泄漏估计工具集成到微架构模拟器中，迈出了解决这些问题的第一步。为了实现这一目标，我们首先系统地探索各种架构和微架构活动的影响及其对生成的物理侧通道信号的潜在交互，并将其集成到微架构模型中。第二，为了创建全面的泄漏估计报告，我们利用污点跟踪和符号执行来准确分析不同的路径和输入。这项工作的最终成果是一个工具，它采用二进制文件并生成泄漏报告，该报告涵盖了数据相关和路径相关信息泄漏场景的架构和微架构相关泄漏。