Revizor
Automatically detect CPU vulnerabilities through principled black-box testing
Modern CPUs use complex optimizations like speculative execution to improve performance. While these optimizations are usually invisible to software, attackers can exploit them to steal sensitive data—as demonstrated by vulnerabilities like Spectre and Meltdown. Finding such vulnerabilities has historically relied on manual analysis and educated guesswork.
Revizor introduces a systematic approach to discovering these vulnerabilities. It automatically tests CPUs by comparing their actual behavior against formal security specifications called speculation contracts. This approach has already uncovered both known vulnerabilities and previously undiscovered variants, demonstrating its effectiveness for hardening CPU security. With a fully automated testing pipeline and an extensible contract system, Revizor enables continuous security testing of CPUs without requiring access to their internal design details.
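What "comparing actual behavior against a speculation contract" can look like, as an added toy example (not Revizor's code). It assumes the relational reading of contract compliance: inputs that the contract cannot tell apart must also look the same on the hardware side. The simulated CPU, the sample contract and all names are constructed for illustration.

```python
# Toy model of contract-based leak testing (added illustration, not Revizor code).
from collections import defaultdict
from itertools import product

SIZE = 4                      # bound checked by the test program
PUBLIC = [0, 1, 2, 3]         # in-bounds array contents (constructed)

def memory(secret):
    # Flat toy memory: the secret sits right behind the public array.
    return PUBLIC + [secret]

def program_loads(idx, secret):
    # Body of "if idx < SIZE: y = array[idx]; z = table[y]" as two load addresses.
    y = memory(secret)[idx]
    return (("array", idx), ("table", y))

def contract_trace(idx, secret):
    # Assumed contract: only loads on the architectural (in-order) path are observable.
    return program_loads(idx, secret) if idx < SIZE else ()

def hardware_trace(idx, secret, speculates):
    # Simulated CPU: the set of touched cache lines, as a side channel would see it.
    # With speculates=True the bounds check is mispredicted and the body still runs.
    if idx < SIZE or speculates:
        return frozenset(program_loads(idx, secret))
    return frozenset()

def find_violations(inputs, speculates):
    # Group inputs by contract trace; each group must share one hardware trace.
    classes = defaultdict(list)
    for inp in inputs:
        classes[contract_trace(*inp)].append(inp)
    violations = []
    for members in classes.values():
        seen = {}
        for inp in members:
            seen.setdefault(hardware_trace(*inp, speculates), inp)
        if len(seen) > 1:     # same contract trace, different hardware traces
            violations.append(sorted(seen.values()))
    return violations

INPUTS = list(product(range(SIZE + 1), [5, 9]))   # constructed (idx, secret) pairs

if __name__ == "__main__":
    print("in-order CPU:   ", find_violations(INPUTS, speculates=False))
    print("speculating CPU:", find_violations(INPUTS, speculates=True))
```

The in-order model passes, while the speculating model is flagged on the out-of-bounds index because its cache footprint depends on the secret even though the contract trace is empty for both inputs.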
Hardware-Software Contracts for Secure Speculation
Revizor: Testing Black-box CPUs against Speculation Contracts
Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing
Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions
Finds unknown leaks in CPUs, automatically.
No special setup required; works on off-the-shelf PCs.
Detects a broad range of leaks: from classic side channels to speculative execution attacks, and more.
Fast detection: Spectre V1 detected in ~5 minutes, MDS in ~7 minutes.