4.6 KiB
OCTOPUS
Samuel AUBERTIN - EURECOM - 2022
OCTOPUS is a Spectre V1 (Bounds Check Bypass) + V2 (Branch Target Injection) vulnerabilty and mitigation tester.
It measures and uploads the success rate of the Spectre attacks on your CPU using different compilers:
... compilation/linking flags such as:
- Optimisation levels (
-O). - Static/dynamic linking.
... and mitigations:
Supported platforms
- x86_64 with SSE
Supported distributions
- OpenBSD 7.0
- Alpine 3.15
- Fedora 35
- RHEL 8
- Ubuntu 20.04
Source support
Experiment is the most complete when compiled from source:
OpenBSD
$ doas pkg_add git gmake clang gcc
$ git clone https://gitlab.eurecom.fr/aubertin/octopus.git
$ gmake -C octopus all
Alpine
$ apk add make git openssh-client-default util-linux-misc util-linux-dev gcc clang musl-dev lld coreutils
$ git clone https://gitlab.eurecom.fr/aubertin/octopus.git
$ make -C octopus all
Fedora/RHEL
$ sudo yum install -y git make clang gcc glibc-static lld uuid
$ git clone https://gitlab.eurecom.fr/aubertin/octopus.git
$ make -C octopus all
Debian/Ubuntu
$ sudo apt install -y git make gcc clang lld uuid
$ git clone https://gitlab.eurecom.fr/aubertin/octopus.git
$ make -C octopus all
Docker support
A Dockerfile is provided and used by make docker but be wary: the compiled binaries inside the docker image are heavily dependent on the CPU platform/version and not portable.
You have to build the image on the actual CPU you want to test, otherwise you may stumble upon core dumped: illegal instruction errors.
WSL support
The code runs on WSL2 using the default distribution (Ubuntu).
To install WSL, from a priviledged PowerShell prompt:
PS C:\Users\user> wsl --install
Once the installation is complete, you can install the dependencies and run the experiment from the WSL console:
$ sudo apt update && sudo apt upgrade -y && sudo apt install -y git make gcc clang lld uuid
$ git clone https://gitlab.eurecom.fr/aubertin/octopus.git
$ make -C octopus all
Results
Results are stored as JSON objects in an unique file for each run, following this pattern: result-$(UUID).json
Dependencies
- Compilers:
clangandgcc - Linker:
lld - For upload:
opensshanduuid - The C library static symbols, on Fedora:
glibc-static
Running the experiment with Make
make will build, execute and upload the experiment results.
PoC only
make poc will compile and execute v1 and v2 executables once using clang and no optimisations.
Within docker
make docker will build, execute and upload the experiment results within Docker.
make dockerbuild will only build the experiment images named octopus.
make dockerpoc will run the PoC within Docker.
Build only
make build will only build the experiment binaries.
Cleanup
make clean will remove experiment binaries and result files.
make dockerclean will remove the octopus image.
Common errors
core dumped: illegal instruction: Either your CPU does not support SSE or you compiled the executables on a different CPU than the one you are testing.
Results aggregation and upload
Results are automatically uploaded to a server with a dedicated account using sftp.
Here is an exhaustive list of the data sent:
- CPU model name and microcode version.
- Kernel version and compilation date.
- GCC and clang versions.
- The list of mitigations enabled at runtime.
- The cache timings of the processor computed by the
calibrate_threshold()function and the experiment duration. - Each spectre execution success rate.
- The code version.
NONE of this data will be used for anyhting else except this experiment.
References
Both implementations were inspired by: