Revizor: Testing Black-Box CPUs Against Speculation Contracts

Oleksii Oleksenko; Christof Fetzer; Boris Kopf; Mark Silberstein

doi:10.1109/MM.2023.3273009

Revizor: Testing Black-Box CPUs Against Speculation Contracts

Oleksii Oleksenko, Christof Fetzer, Boris Kopf, Mark Silberstein

Technion - Israel Institute of Technology

Research output: Contribution to journal › Article › peer-review

Abstract

Speculative execution attacks such as Spectre and Meltdown exploit microarchitectural optimizations to leak information across security domains. These vulnerabilities often stay undetected for years because we lack the tools for systematic analysis of CPUs to find them. In this article, we introduce such a tool, called Revizor, which automatically detects microarchitectural leakage in black-box CPUs. The key idea is to employ speculation contracts to model the expected information leaks, and then to use randomized testing to compare the CPUas leakage against the model and thus detect unexpected leaks. We showcase the effectiveness of this approach on Intel CPUs, where we demonstrate that Revizor is capable of detecting both known and previously unknown speculative leaks.

Original language	English
Pages (from-to)	37-44
Number of pages	8
Journal	IEEE Micro
Volume	43
Issue number	4
DOIs	https://doi.org/10.1109/MM.2023.3273009
State	Published - 1 Jul 2023

All Science Journal Classification (ASJC) codes

Software
Electrical and Electronic Engineering
Hardware and Architecture

Access to Document

10.1109/MM.2023.3273009

Cite this

@article{b5ea654a7fb24be7a418fe319ebe2b65,

title = "Revizor: Testing Black-Box CPUs Against Speculation Contracts",

abstract = "Speculative execution attacks such as Spectre and Meltdown exploit microarchitectural optimizations to leak information across security domains. These vulnerabilities often stay undetected for years because we lack the tools for systematic analysis of CPUs to find them. In this article, we introduce such a tool, called Revizor, which automatically detects microarchitectural leakage in black-box CPUs. The key idea is to employ speculation contracts to model the expected information leaks, and then to use randomized testing to compare the CPUas leakage against the model and thus detect unexpected leaks. We showcase the effectiveness of this approach on Intel CPUs, where we demonstrate that Revizor is capable of detecting both known and previously unknown speculative leaks.",

author = "Oleksii Oleksenko and Christof Fetzer and Boris Kopf and Mark Silberstein",

note = "Publisher Copyright: {\textcopyright} 1981-2012 IEEE.",

year = "2023",

month = jul,

day = "1",

doi = "10.1109/MM.2023.3273009",

language = "الإنجليزيّة",

volume = "43",

pages = "37--44",

journal = "IEEE Micro",

issn = "0272-1732",

publisher = "IEEE Computer Society",

number = "4",

}

TY - JOUR

T1 - Revizor

T2 - Testing Black-Box CPUs Against Speculation Contracts

AU - Oleksenko, Oleksii

AU - Fetzer, Christof

AU - Kopf, Boris

AU - Silberstein, Mark

PY - 2023/7/1

Y1 - 2023/7/1

N2 - Speculative execution attacks such as Spectre and Meltdown exploit microarchitectural optimizations to leak information across security domains. These vulnerabilities often stay undetected for years because we lack the tools for systematic analysis of CPUs to find them. In this article, we introduce such a tool, called Revizor, which automatically detects microarchitectural leakage in black-box CPUs. The key idea is to employ speculation contracts to model the expected information leaks, and then to use randomized testing to compare the CPUas leakage against the model and thus detect unexpected leaks. We showcase the effectiveness of this approach on Intel CPUs, where we demonstrate that Revizor is capable of detecting both known and previously unknown speculative leaks.

AB - Speculative execution attacks such as Spectre and Meltdown exploit microarchitectural optimizations to leak information across security domains. These vulnerabilities often stay undetected for years because we lack the tools for systematic analysis of CPUs to find them. In this article, we introduce such a tool, called Revizor, which automatically detects microarchitectural leakage in black-box CPUs. The key idea is to employ speculation contracts to model the expected information leaks, and then to use randomized testing to compare the CPUas leakage against the model and thus detect unexpected leaks. We showcase the effectiveness of this approach on Intel CPUs, where we demonstrate that Revizor is capable of detecting both known and previously unknown speculative leaks.

UR - http://www.scopus.com/inward/record.url?scp=85163968802&partnerID=8YFLogxK

U2 - 10.1109/MM.2023.3273009

DO - 10.1109/MM.2023.3273009

M3 - مقالة

SN - 0272-1732

VL - 43

SP - 37

EP - 44

JO - IEEE Micro

JF - IEEE Micro

IS - 4

ER -

Revizor: Testing Black-Box CPUs Against Speculation Contracts

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this