Spectre Vulnerability Simulation
How the Attack Works
Spectre attacks manipulate the branch prediction system. They can influence it in the following two scenarios:
- By mistraining the branch predictor. To achieve this, the attacker executes apparently innocent code designed to confuse the predictor. The attacker then executes a branch that will definitely be mispredicted, which eventually causes execution to jump into a piece of code chosen by the attacker. This piece of code, also known as a gadget, can later steal the secret data.
- Through direct injection. When components of the branch prediction system are shared among different programs and one of them is an attacking program, the attack can be carried out using carefully chosen malicious input. When the victim runs its program, either at the same time as the attacker or afterward, it ends up using the predictor state filled in by the attacker and unwittingly starts running the gadget. In this scenario the victim program is attacked by another program.
- Oracle VirtualBox: Version 6.1.18 r142142 (Qt5.6.3)
- Ubuntu 16.04.07 LTS
- Kernel Version: 4.15.0-136-generic
First I cloned the repository and compiled the file spectre.c using the following command:
gcc spectre.c -o spectre
This generates the executable that demonstrates the Spectre attack. Then I executed it using the following command,
and I obtained the following results.
As circled in the figures above, the exploitation happened successfully and it was able to read the secret contents.
Note: I didn't face any issues while compiling or running the demo.
How to Fix
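The conditional branch that most Spectre demos mistrain is an array bounds check (Spectre variant 1), and one standard fix is to mask the index so that even a mispredicted branch cannot perform the load with an attacker-chosen value. The following is an added example, not code from the original post or from the spectre.c demo it compiles: the array contents are constructed, and array_index_mask() is a portable C reimplementation of the idea behind the Linux kernel's array_index_mask_nospec() helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for this example (not from the original post). */
static const uint8_t public_array[16] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* The vulnerable shape of a variant-1 gadget, simplified: the bounds check
 * is a conditional branch. A mistrained predictor can speculate past it and
 * perform the load with an out-of-range idx; the cache footprint left by that
 * speculative load is what an attacker later measures. Note that the function
 * never architecturally returns out-of-bounds data, which is why ordinary
 * testing does not reveal the problem. */
uint8_t lookup_unsafe(size_t idx)
{
    if (idx < sizeof(public_array))
        return public_array[idx];
    return 0;
}

/* Branch-free index mask, mirroring the approach of the Linux kernel's
 * array_index_mask_nospec(): all-ones when idx < size, zero otherwise
 * (including for huge idx values whose top bit is set). Only unsigned
 * arithmetic is used, so the result is well defined in portable C. */
size_t array_index_mask(size_t idx, size_t size)
{
    const unsigned top_bit = sizeof(size_t) * 8 - 1;
    /* out_of_range is 1 when idx >= size (size - 1 - idx wraps and sets the
       top bit) or when idx itself has the top bit set; 0 when in range. */
    size_t out_of_range = (idx | (size - 1 - idx)) >> top_bit;
    return (size_t)0 - (out_of_range ^ 1);
}

/* Hardened lookup: the check stays, but the index is additionally masked, so
 * a mispredicted branch executes the load with index 0 instead of an
 * attacker-chosen value. Architecturally identical to lookup_unsafe(). */
uint8_t lookup_hardened(size_t idx)
{
    if (idx < sizeof(public_array)) {
        idx &= array_index_mask(idx, sizeof(public_array));
        return public_array[idx];
    }
    return 0;
}

int main(void)
{
    size_t probes[] = { 0, 7, 15, 16, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        printf("idx=%zu unsafe=%u hardened=%u mask=%#zx\n",
               probes[i], lookup_unsafe(probes[i]), lookup_hardened(probes[i]),
               array_index_mask(probes[i], sizeof(public_array)));
    }
    return 0;
}
```

Build it with `gcc -O2 -o spectre_mask spectre_mask.c` and compare the two lookups: the observable results are the same, only the speculative behaviour differs. Two caveats a practitioner should keep in mind: an optimizing compiler is free to turn the masking back into a branch or conditional move, which is why the kernel implements the helper in inline assembly, and on x86 the alternative mitigation is an `lfence` speculation barrier after the bounds check. On the Ubuntu 16.04 kernel listed above (4.15.0-136), whether the kernel's own mitigations are active can be read from the files under /sys/devices/system/cpu/vulnerabilities/.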
Note: The Meltdown attack simulation can be found in the post.