sk4nz/octopus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Mitigation tester for Spectre V1-V2
51 Commits 1 Branch 0 Tags 132 KiB
C 60.6%
Makefile 37.7%
Dockerfile 1.7%
2161eaf38b
Go to file
Samuel Aubertin 2161eaf38b Typo in help
2022-04-13 17:37:13 +02:00
uuid_obsd OpenBSD compatibility, except that GCC is not emiting valid SSE asm, so disable it on OpenBSD 2022-03-01 13:11:25 +01:00
.dockerignore Add support for Docker. New targets: docker,dockerbuild,dockerrun,dockerpoc and dockerclean. 2022-04-12 11:21:57 +02:00
.gitignore OpenBSD compatibility, except that GCC is not emiting valid SSE asm, so disable it on OpenBSD 2022-03-01 13:11:25 +01:00
Dockerfile Add support for Docker. New targets: docker,dockerbuild,dockerrun,dockerpoc and dockerclean. 2022-04-12 11:21:57 +02:00
LICENSE Add BSD license 2022-01-24 13:57:24 +01:00
logo.png first 2022-01-22 15:04:17 +01:00
Makefile Typo in help 2022-04-13 17:37:13 +02:00
octopus.h Measure total CPU time for leak(), add it to the ouput alongside the git revision 2022-04-13 12:45:14 +02:00
octoupload Refactor spectre.c and add multiple targets to the Makefile: 2022-01-23 19:37:24 +01:00
README.md Add common errors 2022-04-12 12:59:16 +02:00
spectre_v1.c Measure total CPU time for leak(), add it to the ouput alongside the git revision 2022-04-13 12:45:14 +02:00
spectre_v2.c Measure total CPU time for leak(), add it to the ouput alongside the git revision 2022-04-13 12:45:14 +02:00
TODO.md Add todo 2022-04-13 12:45:27 +02:00

README.md

OCTOPUS

Samuel AUBERTIN - EURECOM - 2022

SPECTRE Octopus Logo

OCTOPUS is a Spectre V1 (Bounds Check Bypass) + V2 (Branch Target Injection) vulnerabilty tester.

It measures and uploads the success rate of the Spectre attacks on your CPU using different compilers:

And compilation/linking flags such as:

  • Optimisation levels (-O).
  • Static/dynamic linking.
  • Masking and lfence mitigations against Spectre V1.
  • RETPOLINE mitigation against Spectre V2.

Supported platforms

  • x86_64 with SSE

Supported distributions

  • Alpine 3.15
  • RHEL 8
  • Fedora 35
  • OpenBSD 7.0

Docker support

A Dockerfile is provided and used by make docker but be wary: the compiled binaries inside the docker image are heavily dependent on the CPU platform/version and not portable.

You have to build the image on the actual CPU you want to test, otherwise you may stumble upon core dumped: illegal instruction errors.

Results

Results are stored as JSON objects in an unique file for each run, following this pattern: result-$(UUID).json

Dependencies

  • Compilers: clang and gcc
  • Linker: lld
  • For upload: openssh and uuid
  • The C library static symbols, on Fedora: glibc-static

Running the experiment

make will build, execute and upload the experiment results.

PoC only

make poc will compile and execute v1 and v2 executables once using clang and no optimisations.

Within docker

make docker will build, execute and upload the experiment results within Docker.

make dockerbuild will only build the experiment images named octopus.

make dockerpoc will run the PoC within Docker.

Build only

make build will only build the experiment binaries.

Cleanup

make clean will remove experiment binaries and result files.

make dockerclean will remove the octopus image.

Common errors

  • core dumped: illegal instruction: Either your CPU does not support SSE or you compiled the executables on a different CPU than the one you are testing.

Results aggregation and upload

Results are automatically uploaded to a server with a dedicated account using sftp.

Here is an exhaustive list of the data sent:

  • CPU model name and microcode version.
  • Kernel version and compilation date.
  • GCC and clang versions.
  • The list of mitigations enabled at runtime.
  • The cache timings of the processor computed by the calibrate_threshold() function.
  • Each spectre execution success rate.

NONE of this data will be used for anyhting else except this experiment.

References

Both implementations were inspired by: