Reproducing Spectre Attack with gem5: How To Do It Right?

Abstract

As processors become more and more complex due to performance optimizations and energy savings, new attack surfaces raise. We know that the micro-architecture of a processor leaks some information into the architectural domain. Moreover, some mechanisms like speculative execution can be exploited to execute malicious instructions. As a consequence, it allows a process to spy another process or to steal data. These attacks are consequences of fundamental design issues, thus they are complicated to fix and reproduce. Simulation would be of a great help for scientific research for microarchitectural security, but it also leads to new challenges. We try to address the first challenges to demonstrate that simulation could be useful in research and an interesting technique to develop in the future.