Mitigation tester for Spectre V1-V2

OCTOPUS

Samuel AUBERTIN - EURECOM - 2022

OCTOPUS is a Spectre V1 (Bounds Check Bypass) + V2 (Branch Target Injection) vulnerability tester.

It measures and uploads the success rate of the Spectre attacks on your CPU, using different compilers (gcc and clang, see Dependencies) and compilation/linking flags such as:

  • Optimisation levels (-O).
  • Static/dynamic linking.
  • Masking and lfence mitigations against Spectre V1.
  • RETPOLINE mitigation against Spectre V2.

Supported platforms

  • x86_64 with SSE

Supported distributions

  • Alpine 3.15
  • RHEL 8
  • Fedora 35
  • OpenBSD 7.0

Docker support

A Dockerfile is provided and used by make docker, but be wary: the compiled binaries inside the Docker image are heavily dependent on the CPU platform/version and are not portable.

You have to build the image on the actual CPU you want to test, otherwise you may stumble upon core dumped: illegal instruction errors.

Results

Results are stored as JSON objects in a unique file for each run, following this pattern: result-$(UUID).json

Dependencies

  • Compilers: clang and gcc
  • Linker: lld
  • For upload: openssh and uuid
  • The C library static symbols, on Fedora: glibc-static

Running the experiment

make will build, execute and upload the experiment results.

PoC only

make poc will compile and execute v1 and v2 executables once using clang and no optimisations.

Within docker

make docker will build, execute and upload the experiment results within Docker.

make dockerbuild will only build the experiment image named octopus.

make dockerpoc will run the PoC within Docker.

Build only

make build will only build the experiment binaries.

Cleanup

make clean will remove experiment binaries and result files.

make dockerclean will remove the octopus image.

Common errors

  • core dumped: illegal instruction: Either your CPU does not support SSE or you compiled the executables on a different CPU than the one you are testing.

Results aggregation and upload

Results are automatically uploaded to a server with a dedicated account using sftp.

Here is an exhaustive list of the data sent:

  • CPU model name and microcode version.
  • Kernel version and compilation date.
  • GCC and clang versions.
  • The list of mitigations enabled at runtime.
  • The cache timings of the processor computed by the calibrate_threshold() function.
  • Each spectre execution success rate.

NONE of this data will be used for anything other than this experiment.
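The list of mitigations enabled at runtime comes from the kernel's own report. As an added example (not part of OCTOPUS), this Python script parses the status lines exposed under /sys/devices/system/cpu/vulnerabilities/ on Linux and checks whether Spectre V2 is covered by retpolines; the sample strings are constructed to follow the kernel's line format and were not captured from a real host.

```python
"""Parse the Linux kernel's Spectre mitigation status as exposed under
/sys/devices/system/cpu/vulnerabilities/ (one text file per vulnerability)."""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample contents of the spectre_v1 / spectre_v2 files (not
# captured from a real host). The kernel uses three shapes: "Not affected",
# "Vulnerable[: detail]" and "Mitigation: detail[, detail...]".
SAMPLE_STATUS = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling",
}


def parse_status(text):
    """Split one sysfs status line into (state, [details])."""
    text = text.strip()
    if text == "Not affected":
        return "not_affected", []
    if text.startswith("Vulnerable"):
        detail = text[len("Vulnerable"):].lstrip(": ")
        return "vulnerable", [d.strip() for d in detail.split(",") if d.strip()]
    if text.startswith("Mitigation:"):
        detail = text[len("Mitigation:"):]
        return "mitigated", [d.strip() for d in detail.split(",") if d.strip()]
    return "unknown", [text]


def uses_retpoline(text):
    """True when a spectre_v2 line reports a retpoline-based mitigation."""
    state, details = parse_status(text)
    return state == "mitigated" and any("retpoline" in d.lower() for d in details)


def read_sysfs_status(directory=SYSFS_DIR):
    """Read spectre_v1/spectre_v2 from sysfs; returns {} when unavailable."""
    result = {}
    for name in ("spectre_v1", "spectre_v2"):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path) as f:
                result[name] = parse_status(f.read())
    return result


if __name__ == "__main__":
    live = read_sysfs_status()
    source = "sysfs" if live else "constructed sample"
    statuses = live or {k: parse_status(v) for k, v in SAMPLE_STATUS.items()}
    for name, (state, details) in statuses.items():
        print(f"[{source}] {name}: {state} {details}")
```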

References

Both implementations were inspired by: