Overview

Discovered in 2017 and publicly disclosed in January 2018, the Spectre attack exploits critical vulnerabilities that exist in many modern processors, including those from Intel, AMD, and ARM. The vulnerabilities allow a program to break inter-process and intra-process isolation, so a malicious program can read data from memory areas that are not accessible to it. Such access is not allowed by the hardware protection mechanism (for inter-process isolation) or the software protection mechanism (for intra-process isolation), but a vulnerability in the design of CPUs makes it possible to defeat these protections. Because the flaw exists in the hardware, it is very difficult to fundamentally fix the problem unless we change the CPUs in our computers. The Spectre vulnerability represents a special genre of vulnerabilities in the design of CPUs. Along with the Meltdown vulnerability, it provides an invaluable lesson for security education.

The learning objective of this lab is for students to gain first-hand experience with the Spectre attack. The attack itself is quite sophisticated, so we break it down into several small steps, each of which is easy to understand and perform. Once students understand each step, it should not be difficult for them to put everything together to perform the actual attack.

Lab Tasks

  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

  • Supervised situation (e.g. a closely-guided lab session):
  • Unsupervised situation (e.g. take-home project):

Videos (New)

Note

  • Although the Spectre vulnerability is a common design flaw inside Intel, AMD, and ARM CPUs, we have only tested the lab activities on Intel CPUs.
  • Even if the OS of the host machine is patched, the attack still works, because we did not patch the Linux OS running inside the VM.

Files that are Needed

Suggested Reading

  • SEED Book by Wenliang Du (Book website) (Chinese version)
  • Meltdown and Spectre
