Spectre: still dangerous attack or opportunity to expand knowledge
| Componente | Categoria |
|---|---|
| Leonardo Querzoni | Aggiungi Tutor di riferimento (Professore o Ricercatore afferente allo stesso Dipartimento del Proponente) |
Spectre is a class of attack that puts various systems at risk, from personal computers to servers [2]. It is a micro-architectural attack that exploits the characteristics of modern processors to extract information it should not be allowed to access. This class of attacks consists in most cases of four phases:
- Identification of a vulnerable point in the victim executable from which to launch the attack.
- Creation of an initial setup known to the attacker
- Waiting for the execution of the victim program
- Checking the setup for changes made during the victim's execution.
The aim of this project is to simplify and automate the first two phases. To do this I will use a technique called fuzzing [1], in an automatic way a large number of random inputs are passed to the program in order to explore all possible paths and detect possible bugs, combined with the Performance Monitoring Unit, a hardware component present in most machines that allows the user to analyse the performance at the architectural and microarchitectural level of the machine, for example obtain information about the core cycles, the number of branch taken, etc. With this methodology we reduce the effort that the attacker must make to carry out the attack, thus making this class more harmful and more accessible to less experienced attackers.
[1] Li, Jun, Bodong Zhao, and Chao Zhang. "Fuzzing: a survey." Cybersecurity 1, no. 1 (2018): 1-13
[2] Xiong, Wenjie, and Jakub Szefer. "Survey of transient execution attacks." arXiv preprint arXiv:2005.13435 (2020).