There are three major components of this tool.
- Counter (Counter.py): Collects HPC data of the process under observation for 100ms.
- Detector (detector.py): Detects the presense of Spectre using a pre-trained multi-class model.
- Patching (patch.py): Restart the program with spectre defence (load barriers) instrumented in the binary.
When a process is under spectre attack, the attacker tries to continuously mistrain the branch predictor and perform cache attack. This behaviour causes an unusual number of cache misses and speculative loads. Specdefender detects these abnormalities using a pre-trained model and restarts the process with spectre defences.
In presence of SpecDefender, when a process is attacked by spectre it transitions through 4 states.
- Normal: Spectre-unsafe high performance program
- Attack: Spectre-unsafe high performance program under attack [transient state]
- safe under attack: Spectre-safe slow program under attack
- safe: Spectre-safe slow program not under attack
Run the detector.py file along with sample spectre test code from /test directory.
@inproceedings{10.1145/3560834.3563830,
author = {Choudhari, Amit and Guilley, Sylvain and Karray, Khaled},
title = {SpecDefender: Transient Execution Attack Defender Using Performance Counters},
year = {2022},
isbn = {9781450398848},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3560834.3563830},
doi = {10.1145/3560834.3563830},
booktitle = {Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security},
pages = {15–24},
numpages = {10},
keywords = {efficient mitigation, speculative execution, spectre, transient execution attack},
location = {Los Angeles, CA, USA},
series = {ASHES'22}
}
- [-] Add support for DBI
Free Software, Hell Yeah!