AI Summary
This work identifies a novel microarchitectural side-channel threat arising from instruction cache (ICache) line-level conflicts induced by self-modifying code (SMC) on x86 platforms, manifesting as fine-grained, low-noise timing variations. Methodologically, it leverages SMC-triggered ICache conflicts to achieve precise, instruction-level timing discrimination of individual execution paths, the first work to do so. It designs enhanced Prime+Probe and Flush+Reload variants, along with a cross-core Spectre-style covert channel, and integrates hardware performance counter (HPC)-driven dynamic monitoring with side-channel modeling to efficiently extract AES keys across multiple generations of x86 processors. Furthermore, it proposes a lightweight runtime detection mechanism with a false positive rate below 2%, establishing the first practical defense framework against SMC-based side-channel attacks.
Abstract
Self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin to Spectre across various x86 platforms. Finally, we propose a dynamic detection methodology utilizing hardware performance counters to mitigate these enhanced threats.