Revizor: Testing Black-Box CPUs Against Speculation Contracts

Oleksii Oleksenko, Christof Fetzer, Boris Kopf, Mark Silberstein

Research output: Contribution to journalArticlepeer-review


Speculative execution attacks such as Spectre and Meltdown exploit microarchitectural optimizations to leak information across security domains. These vulnerabilities often stay undetected for years because we lack the tools for systematic analysis of CPUs to find them. In this article, we introduce such a tool, called Revizor, which automatically detects microarchitectural leakage in black-box CPUs. The key idea is to employ speculation contracts to model the expected information leaks, and then to use randomized testing to compare the CPUas leakage against the model and thus detect unexpected leaks. We showcase the effectiveness of this approach on Intel CPUs, where we demonstrate that Revizor is capable of detecting both known and previously unknown speculative leaks.

Original languageEnglish
Pages (from-to)37-44
Number of pages8
JournalIEEE Micro
Issue number4
StatePublished - 1 Jul 2023

All Science Journal Classification (ASJC) codes

  • Software
  • Electrical and Electronic Engineering
  • Hardware and Architecture


Dive into the research topics of 'Revizor: Testing Black-Box CPUs Against Speculation Contracts'. Together they form a unique fingerprint.

Cite this