
I am doing some experiments with lowering the bandwidth of Spectre to build an evasive attack. However, when I hit a certain bandwidth there was no leakage. To lower the bandwidth I injected safe instructions that just read a certain address again and again before the primitive phase of the attack.

I use the original Spectre v1 PoC. Spectre v1 only depends on the state of one branch history entry and the state of one cache line. I'm certain that the safe code I added does not tamper with these states, because it is simply reading an independent address. However, the microarchitectural state needed for the attack is somehow lost when I pause the iterations with this method, but I don't know how to explain it exactly, because I'm not interrupting the primary atomic task of Spectre, and the injected instructions are before and after the completion of the Spectre phases.

I also tried just putting the code to sleep and observed the same: the attack is disabled after a 75% bandwidth reduction.

The following paper states that lowering the bandwidth with a high success rate should be possible: Link To The Paper. I applied the same technique they reported as the best method to build an evasive attack (insertion of safe code before the atomic task), but could not reduce the bandwidth to lower than 75% of the original PoC.

I would appreciate any insight into why Spectre might be disabled when I hit a certain level of bandwidth reduction.

parisa
  • Just so that people who might be interested in answering for you know where you're coming from: in addition to writing code what research and articles have you already read to find out why this detail applies? Because if all you did was find the code for it and run it, it's probably too early to post here and you should first [search and research](/help/how-to-ask) the exploit as initially discovered, described, and analysed. – Mike 'Pomax' Kamermans Jun 12 '20 at 17:08
  • Many papers. This paper particularly states that lowering the bandwidth with a high success rate should be possible: https://ieeexplore.ieee.org/document/9007688 – parisa Jun 12 '20 at 17:12
  • No, not in a comment, _update your post_ to tell everyone what you've already done; that's where details go. (when folks ask questions in comments, it's usually in order to get the post updated, not because they personally want to know the answer). And if a specific paper made that claim, and you can't find the clarification of why in that paper, _talk about that paper_ in your post so that people will know how to focus their answer. – Mike 'Pomax' Kamermans Jun 12 '20 at 17:15
  • Okay. Thank you. I did as you suggested. – parisa Jun 12 '20 at 17:21

0 Answers