Skip to content

SpecDet: Detecting Spectre Attacks using CPU Processes State and Spectre Gadgets

License

Notifications You must be signed in to change notification settings

bayegaspard/SpecDet

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

62 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SPECDET

Official Implementation of Short Paper: Static and Microarchitectural ML-Based Approaches for Detecting Spectre Vulnerabilities and Attacks. Hardware and Architectural Support for Security and Privacy (HASP’22) in Conjunction With The 55th IEEE/ACM International Symposium on Microarchitecture (MICRO’22).

Visual Depiction of Research

Problem

Solution

Abstract

Spectre intrusions exploit speculative execution design vulnerabilities in modern processors. The attacks violate the principles of isolation in programs to gain unauthorized private user information. Current state-of-the-art detection techniques utilize micro-architectural features or vulnerable speculative code to detect these threats. However, these techniques are insufficient as Spectre attacks have proven to be more stealthy with recently discovered variants that bypass current mitigation mechanisms. Side-channels generate distinct patterns in processor cache, and sensitive information leakage is dependent on source code vulnerable to Spectre attacks, where an adversary uses these vulnerabilities, such as branch prediction, which causes a data breach. Previous studies predominantly approach the detection of Spectre attacks using the microarchitectural analysis, a reactive approach. Hence, in this paper, we present the first comprehensive evaluation of static and microarchitectural analysis-assisted machine learning approaches to detect Spectre vulnerable code snippets (preventive) and Spectre attacks (reactive). We evaluate the performance trade-offs in employing classifiers for detecting Spectre vulnerabilities and attacks.

Cite

@inproceedings{biringa2022short,
  title={Short Paper: Static and Microarchitectural ML-Based Approaches For Detecting Spectre Vulnerabilities and Attacks},
  author={Biringa, Chidera and Gaspard, Baye and Kul, Gokhan},
  booktitle={Proceedings of the 11th International Workshop on Hardware and Architectural Support for Security and Privacy},
  pages={53--57},
  year={2022}
}

Installation

$ git clone https://github.com/biringaChi/SPECDET
$ cd specdet
$ pip install -r requirements.txt

Gadget Data

Refer: Gadgets

CPU-PS Data

Refer: CPU-PS

Generating Spectre Embeddings

$ cd src/SGDetector/
$ python spectre_embed.py

Train & Test Vulnerability Detector

$ cd src/SGDetector/
$ python train.py --epochs=<arg> --lr=<arg> --batch_size=<arg>

Evaluate

$ cd src/SGDetector/
$ python test.py

Train & Test Attack Detector

$ cd src/CPSDetector/
$ python train.py

Presentation Video

Acknowledgments

This work has been funded by UMass Dartmouth Cybersecurity Center. Usual disclaimers apply.

LICENSE

MIT LICENSE.

About

SpecDet: Detecting Spectre Attacks using CPU Processes State and Spectre Gadgets

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 99.2%
  • Shell 0.8%