Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/iaik/transientfail

Website and PoC collection for transient execution attacks
https://github.com/iaik/transientfail

Last synced: 24 days ago
JSON representation

Website and PoC collection for transient execution attacks

Host: GitHub
URL: https://github.com/iaik/transientfail
Owner: IAIK
License: zlib
Created: 2019-04-26T08:18:07.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-03-09T22:02:47.000Z (9 months ago)
Last Synced: 2024-04-06T11:34:25.566Z (8 months ago)
Language: C
Homepage: https://transient.fail
Size: 234 KB
Stars: 160
Watchers: 21
Forks: 37
Open Issues: 13
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-security-collection - **29**星

README

# Transient Fail

Transient Fail is a project that gathers different proof-of-concept implementations of Transient Execution Attacks. It was originally developed for our Usenix 2019 paper

[A Systematic Evaluation of Transient Execution Attacks and Defenses](http://cc0x1f.net/publications/transient_sytematization.pdf) by Canella, Van Bulck, Schwarz, Lipp, von Berg, Ortner, Piessens, Evtyushkin and Gruss

## Content
This project provides two different things:
* In the docs folder, we provide the source for the content of the [transient.fail](http://transient.fail) website.
* In the pocs folder, we provide our proof-of-concept implementations as well as two libraries required for them. Libcache is a small library that provides all the required functionality for time measurement, flushing and loading values, TSX transactions and so on. Libpte is a fork of [PTEditor](https://github.com/misc0110/PTEditor) developed by Michael Schwarz and allows manipulation of paging structures via a Linux kernel module.

## Status

Transient Fail is under active development as we add new proof-of-concepts that we discover during our research. We invite everybody who wants to contribute to do so via pull requests.

## Compilers and Operating Systems

So far, we only support Linux with gcc on x86 and ARMv8. Therefore, we have only tested them on such platforms, but welcome any feedback and pull requests on other platforms.

## Literature

* [Meltdown](https://meltdownattack.com)
* [Spectre](https://spectreattack.com)
* [Foreshadow](https://foreshadowattack.eu)
* [Systematic Evaluation](https://www.usenix.org/conference/usenixsecurity19/presentation/canella)
* [SpectreReturns](https://www.usenix.org/conference/woot18/presentation/koruyeh)
* [ret2spec](https://arxiv.org/pdf/1807.10364.pdf)
* [LazyFP](https://arxiv.org/pdf/1806.07480.pdf)