254 points | imakwana
brcmthrowaway No.43563511
Does this include Spectre?
jprx No.43564607
Yes!

Our labs include building your own real Spectre attack against the kernel, bypassing ASLR and building ROP chains with various side channels, finding and exploiting backdoors in a RISC-V CPU by building a hardware fuzzer, and more.

(source: I designed the Spectre lab plus a few others)

All our labs are fully open source for anyone to try: https://github.com/MATCHA-MIT/SHD-StarterCode

If you give them a try, please do let us know what you think! We genuinely want these activities to be fun and approachable (we designed them like a big CTF) and welcome feedback from the community.

brcmthrowaway No.43564920
Do you support arm64e?
jprx No.43574737
We teach using Intel X86_64 CPUs for a variety of reasons:

- Most academic research has been done on Intel systems, so it's easier for students reading papers to relate to their experiences in the labs

- X86_64 provides convenient cache flush and cycle measurement instructions in userspace

- Intel's strongly ordered memory model and cache inclusion policy make cross-core side channels simpler to reason about

- Practically, it's easier to scale up server infrastructure on Intel (you can do most of the labs on inexpensive Intel-based Linux systems)

- For Rowhammer, our students attack one particular kind of DRAM that we have profiled and know works well with our machines

- Note that AMD's cache inclusion policy differs from Intel's; we only support Intel chips for now

Down the road I could see us moving to ARM for a few labs (perhaps a future PACMAN attack lab...?)