Skip to content

sabbaghm/boom-attacks

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
inc
inc
 
 
link
link
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

SonicBOOM Speculative Attacks

This repository holds all the work-in-progress code used to check if SonicBOOM is susceptible to Spectre attacks. This is work is based on the boom-attacks.

Further Details

BOOM Configuration

This is working with the version of SonicBOOM located at this commit.

Implemented Attacks

The following attacks are upgraded within the repo.

  • Spectre-v1 or Bounds Check Bypass [1]
    • condBranchMispred.c
  • Spectre-v2 or Branch Target Injection [1]
    • indirBranchMispred.c
  • Return Stack Buffer Attack [2]
    • returnStackBuffer.c

Building the tests

To build you need to run make

Running the Tests

This builds "baremetal" binaries that can directly run on the BOOM configuration that was specified above.

References

[1] P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, “Spectre attacks: Exploiting speculative execution,” ArXiv e-prints, Jan. 2018

[2] E. M. Koruyeh, K. N. Khasawneh, C. Song, N. Abu-Ghazaleh, “Spectre Returns! Speculation Attacks using the Return Stack Buffer,” 12th USENIX Workshop on Offensive Technologies, 2018

About

Proof of concepts for speculative attacks using the BOOM core (https://github.com/riscv-boom/riscv-boom)

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 92.5%
  • Assembly 5.6%
  • Makefile 1.9%