Skip to content

isec-tugraz/contextlight

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
aes-ni
aes-ni
 
 
example
example
 
 
module
module
 
 
patches
patches
 
 
License.md
License.md
 
 
README.md
README.md
 
 
context-light.c
context-light.c
 
 
context-light.h
context-light.h
 
 

Repository files navigation

ConTExT-light

This is the PoC implementation for the NDSS'20 paper

ConTExT: A Generic Approach for Mitigating Spectre by Schwarz, Lipp, Canella, Schilling, Kargl, and Gruss

Installation

Prerequiesits

On a Debian-based system, you need to install the following packages:

  • linux-headers
  • build-essential
  • clang

Kernel Module

In order to build the kernel module, run the following command in the module directory:

$ make

To load the module, run as root:

# insmod pteditor.ko

To unload the module after usage, run as root:

# rmmod pteditor

Example

In order to test ConTExT-light, build the provided example in the example directory:

$ make

The Makefile will build two executables: example and example_secured, both implementing a Spectre V1 attack. While the example file is unprotected, example_secured utilizes the ConTExT-light protection to protect its data area with the nospec attribute.

To run the example, just execute it:

$ ./example

The expected output is

[*] Flush+Reload Threshold: 180
[ ]  SECRET 

[>] Done

If you run example_secured, the value SECRET cannot be recovered.

About

The PoC for ConTExT-light

Resources

Readme

License

Zlib license
Activity
Custom properties

Stars

4 stars

Watchers

7 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages