OCTOPUS
Samuel AUBERTIN - EURECOM - 2022
OCTOPUS is a Spectre V1 (Bounds Check Bypass) + V2 (Branch Target Injection) compiler flag tester.
It measures the success rate of the attacks using different compilers:
- GCC
- CLANG
And compilation/linking flags such as:
- Optimisation levels (
-O) - Static/dynamic linking
- Masking and lfence as mitigation against Spectre V1
- RETPOLINE as mitigation against Spectre V2
Results
Results are stored as JSON objects in an unique file for each run, following this pattern: result-$(UUID).json
Dependencies
clangandlldgccsftpuuid- The libC static symbols:
glibc-static
Execution
Will build, execute and upload the results.
make
Build only
make [-j XXX] build where XXX is the number of parallel processes.
Results aggregation
Results are automatically uploaded to a server with a dedicated account using sftp.
Here is an exhaustive list of the data sent:
- CPU model name and microcode version.
- Kernel version and compilation date.
- GCC and clang versions.
- The list of mitigations enabled at runtime.
- The cache timings of the processor computed by the
calibrate_threshold()function. - Each spectre execution success rate.
NONE of this data will be used for anyhting else except this experiment.
References
Both implementations are heavily inspired by: