specdoctor | RTL testing framework to find transient execution

by compsec-snu C Version: Current License: No License

X-Ray Key Features Code Snippets Community Discussions Vulnerabilities Install Support

kandi X-RAY | specdoctor Summary

specdoctor is a C library. specdoctor has no bugs, it has no vulnerabilities and it has low support. You can download it from GitHub.

SpecDoctor is an RTL testing framework to find transient execution vulnerabilities in CPUs. Given the CPU RTL design, SpecDoctor outputs standalone PoCs which run on bare-metal CPUs. Currently SpecDoctor supports RISC-V Boom, and RISC-V NutShell. SpecDoctor is accepted at ACM CCS 2022 (paper). To be specific, SpecDoctor consists of 1) RoB monitor instrumentation, 2) suspicious RTL components instrumentation, and 3) dynamic fuzzing framework. RoB monitor instrumentation has to be manually done to print RoBLog on the detection of RoB rollback. Suspicious RTL components instrumentation is automatically done by SpecDoctor compiler, which finds and instruments suspicious RTL components that can be used as a side channel. Dynamic fuzzing framework consists of 4 steps: i) configuration, ii) transient-trigger, iii) secret-transmit, and iv) secret-receive. In configuration step, SpecDoctor populates the template of the attack model (i.e.., context of transient execution, and privileges of attacker and victim) from the given arguments. In transient-trigger step, SpecDoctor finds instructions triggering a transient execution. In secret-transmit step, SpecDoctor finds instructions transiently changing the u-arch states depending on secret. Finally, in secret-receive step, SpecDoctor finds instructions observing the changed u-arch states. For the detail, please see the paper.

Support

Quality

Security

License

Reuse

Support

specdoctor has a low active ecosystem.

It has 8 star(s) with 1 fork(s). There are 1 watchers for this library.

It had no major release in the last 6 months.

specdoctor has no issues reported. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of specdoctor is current.

Quality

specdoctor has no bugs reported.

Security

specdoctor has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

License

specdoctor does not have a standard license declared.

Check the repository for any license declaration and review the terms closely.

Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

specdoctor releases are not available. You will need to build from source code and install.

Installation instructions, examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of specdoctor

Get all kandi verified functions for this library.

specdoctor Key Features

No Key Features are available at this moment for specdoctor.

specdoctor Examples and Code Snippets

No Code Snippets are available at this moment for specdoctor.

Community Discussions

No Community Discussions are available at this moment for specdoctor.Refer to stack overflow page for discussions.

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install specdoctor

setup.sh installs required libraries and setup environments. Then, it compiles the CPU RTL sources into simulatable binaries, where suspicious RTL components are detected and instrumented.
setup.sh changes the system environments, so we recommend running it in docker.
RoB monitoring logic, SpecDoctor instrumentation procedure can be found in the sources.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: