Amutheezan

Amutheezan

Get the solutions customized for you

Spectre Vulnerablity Simulation

2 minute read

Published:

In this post, I share some details on my extension to a simple simulation for the Spectre attack as part of the assignment for COSC 6385 course at the University of Houston.

How Attack Works

Spectre attacks alters the branch prediction system. It can affect the branch prediction system by following two scenarios.

  1. By mistraining the branch predictor. To achieve this the attacker executes a apparently innocent code designed to confuse the system. Then, attacker executes a branch that will definitely mispredicted, and that will eventually jump into the piece of code chosen by attacker. This piece of code also know and gadget, which can later steal the secret data.

  2. Through direct injection. When the sub parts of branch prediction system are shared among different programs and if one is an attacking program, this attack can easily achieve using carefully chosen bad-data. When victim executes their program either at the same time as the attacker or afterward, the victim will wind up using the predictor state that was filled in by the attacker and unwittingly start to run the gadget. In this scenario victim program is attacked by another program.

Demo

Environment Setup

  • Oracle Virtual Box : Version 6.1.18 r142142 (Qt5.6.3)
  • Ubuntu 16.04.07 LTS
  • Kernel Version: 4.15.0-136-generic

First I clone the repository and compile the file spectre.c using following command,

gcc spectre.c -o spectre

This will generate the executable file which will demonstrate the spectre attack. Then I execute the executable file using the following command,

./spectre

and I obtained following results.

image

image

As circled in the above figures the exploitation happen successfully and it able to read the secret contents.

Note: I didn’t face any issue while compiling or running the demo.

How to Fix

SOFTWARE

For software level protection, we can uses the patches such as LLVM patch, MSVC and ARM speculation barrier header. Further, some mitigation proposed by paper which disclose the spectre for the first time to public [1].
(1). Inserting serializing instruction can helps on avoiding indirect branch poisoning.
(2). By enabling strategies to prevent reading secret data, when performing speculative execution.
(3). Intel tries to prevent the branch poisoning using microcode updates for some processors, which fall-back to the BTB for the prediction, to disable this fall-back mechanism

HARDWARE

By tracking down whether the data was fetch as a result of speculative execution or not. And if it obtained from speculative execution then prevent it using in subsequent execution, which might leak the information.

Note: Meltdown attack simulation can be found in the post.

REFERENCES

  1. Spectre Paper

You May Also Enjoy

CPU/GPU/TPU Performance Comparison

7 minute read

Published:

I have implemented following simple comparison ofn performance on Google Colab CPU, GPU, and TPU as a part of an assignment for COSC 6385 course in University of Houston.

Meltdown Vulnerability Simulation

5 minute read

Published:

I have implemented a simple simulation for the Meltdown vulnerability as part of the assignment for COSC 6385 course at the University of Houston.

Simulation of Tomasulo Algorithm

1 minute read

Published:

In this post, I have some details on my extension to a simple simulation for the Tomasulo algorithm as a part of the assignment for COSC 6385 course at the University of Houston.

Python Multi Processing

less than 1 minute read

Published:

I have developed a basic Python Library to provide abstraction to parallel programming. This library is based on in built-in library multiprocessing in python and 3rd party library ray. In this blog post I will explain in details about the implementations in addition to existing documentations.