This repository provides a collection of tools to trace and analyze the behavior of programs in the context of system security research. When conventional debugging fails, researchers need to develop alternative tooling for debugging purposes. To limit the time spent on that, this catalog collects tools and techniques from research projects.
System security research often requires purpose-built debugging tools, whether while developing side-channel analysis tools, building hardening or verification frameworks, or searching for attack vectors. Conventional debuggers often fall short in these scenarios, so new debugging strategies are needed. These strategies rest on collecting traces and then analyzing them in appropriate ways. Many approaches to generating or analyzing the data are reusable across research projects. To improve reusability further, the tools convert tracing output to established shared formats such as value change dump (VCD), and the analyses are built on that format.
An introduction to the debugging strategies will be presented at the 2nd Microarchitecture Security Conference (uASC '26) in the talk titled "Debugging the Un-Debuggable: Advanced Debugging Techniques for Microarchitectural Security Tooling". An extended abstract of the talk can be found here.
The tracers are concerned with collecting data from programs or systems. This includes instrumentation, low-level hardware signal traces, and other data exfiltration hacks.
- Pinpoint: Pintool-based tracer for x86 binaries: traces memory writes (addresses and values), register states, system calls, function arguments, and instruction counts and opcodes; has configurable options for the tracing scope (skip instructions, focus on specific offsets/functions)
- Strace debugging: An `strace`-based hack for exfiltrating data when other methods fail
- SGX-tracer: Uses `ptrace` to intercept enclave loading and dump memory
- Verilator: Verilator can trace signals to VCD or FST files
- SGX-Step-based tracer: Page access tracer for Intel SGX, from the TLBlur paper
Tools in this category focus on processing and analyzing collected data. They typically operate on data from (one or more of) the tracers, often assuming the shared VCD format.
- GTKWave: Fully featured wave viewer based on GTK
- Interactive debugger: DAP-compatible debugger for VCD/FST files
- Conformance checks: Checking the semantic conformance of new or instrumented implementations by measuring differences to the expected outcome
  - Usage in memory-centric side-channel mitigations: Checking instrumented binaries for conformance with original functionality after applying the mitigation implementation
- Non-interference checks: Checking for differences in attacker-observable signals when assessing side-channel mitigation efficacy
  - Usage in memory-centric side-channel mitigations: Checking the efficacy of side-channel mitigation implementations after the conformance checks
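As an added illustration of the non-interference check on the shared VCD format (example code written for this page, not one of the catalogued tools): two constructed traces that differ only in the secret input are compared on an assumed attacker-observable signal `cacheline`, first for a leaky table lookup and then for a mitigated one. The minimal VCD parser, the signal names and the trace contents are all constructed for this example.

```python
def parse_vcd(text):
    """Return {signal_name: [(time, value), ...]}; handles scalar ('1!') and vector ('b1010 !') changes."""
    names, changes, now = {}, {}, 0
    for tok in (line.split() for line in text.splitlines()):
        if not tok or (tok[0].startswith("$") and tok[0] != "$var"):
            continue                            # blank line or header/command line
        if tok[0] == "$var":                    # $var <type> <width> <id> <name> $end
            names[tok[3]] = tok[4]
        elif tok[0][0] == "#":                  # timestamp
            now = int(tok[0][1:])
        elif tok[0][0] in "bB":                 # vector change: b<bits> <id>
            changes.setdefault(names[tok[1]], []).append((now, tok[0][1:]))
        elif tok[0][0] in "01xzXZ":             # scalar change: <value><id>
            changes.setdefault(names[tok[0][1:]], []).append((now, tok[0][0]))
    return changes

def noninterference_violations(run_a, run_b, observable):
    """Runs differing only in the secret must show identical change sequences on observable signals."""
    bad = []
    for sig in observable:
        a, b = run_a.get(sig, []), run_b.get(sig, [])
        for i in range(max(len(a), len(b))):
            va = a[i] if i < len(a) else None   # None marks a missing change
            vb = b[i] if i < len(b) else None
            if va != vb:
                bad.append((sig, va, vb))       # first divergence per signal
                break
    return bad

# Constructed VCD header: an 8-bit secret and a 16-bit observed cache-line index.
HEADER = ('$timescale 1ns $end\n$scope module top $end\n$var wire 8 ! secret $end\n'
          '$var wire 16 " cacheline $end\n$upscope $end\n$enddefinitions $end\n')

def make_trace(secret, cache_lines):
    """Constructed VCD body: secret set at t=0, then one observed cache line every 10 ns."""
    body = "#0\nb{:08b} !\n".format(secret)
    for i, cl in enumerate(cache_lines):
        body += '#{}\nb{:016b} "\n'.format(10 * (i + 1), cl)
    return HEADER + body

OBSERVABLE = ["cacheline"]    # assumed attacker view: which cache line is touched, not its content
def check(trace_x, trace_y):
    return noninterference_violations(parse_vcd(trace_x), parse_vcd(trace_y), OBSERVABLE)

# Unmitigated table lookup: the touched cache line is the secret's high nibble (leaks).
leaky_a, leaky_b = make_trace(0x31, [0x31 >> 4]), make_trace(0x72, [0x72 >> 4])
# Mitigated lookup: all 16 lines of the table are touched in a fixed order.
safe_a, safe_b = make_trace(0x31, list(range(16))), make_trace(0x72, list(range(16)))

if __name__ == "__main__":
    print("unmitigated:", check(leaky_a, leaky_b))   # divergence on cacheline at t=10
    print("mitigated:  ", check(safe_a, safe_b))     # []
```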
Contributions are welcome. To add a new tool to the catalog:
- Open a pull request modifying the README.md in this repository.
- Add the tool to the appropriate section.
- Provide a short description of the tool and a link to the repository.
Please ensure that the repository is publicly accessible.
The contents of this catalog repository are provided under the CC-BY-4.0 license unless stated otherwise.
Each linked repository is governed by its own license.
