Revizor - a fuzzer to search for microarchitectural leaks in CPUs
Перейти к файлу
Oleksii Oleksenko 2471cb83b0
cli: [docs] add detailed description of Modes of Operation
2024-11-04 14:54:41 +00:00
.github root: [build] update list of tested branches in CI (#110) 2024-07-30 14:23:14 +01:00
demo conf: [chore] removing several outdated options 2024-07-25 14:53:23 +01:00
docs cli: [docs] add detailed description of Modes of Operation 2024-11-04 14:54:41 +00:00
mkdocs-overrides root: [docs] move quick start guide onto a separate page 2024-07-29 15:56:28 +01:00
src root: [chore] bump version to 1.3.2 2024-09-12 13:57:24 +01:00
tests cli: [docs] add detailed description of Modes of Operation 2024-11-04 14:54:41 +00:00
.editorconfig reduced .editorconfig 2022-09-29 14:37:56 +01:00
.gitignore cli: [fix] Invalid argument in CLI tfuzz mode (#109) 2024-07-30 11:55:12 +01:00
.gitmodules executor: full rewrite of the executor 2022-05-20 11:17:51 +01:00
AUTHORS root: [docs] add Brian to Authors 2024-07-26 17:01:40 +01:00
CODE_OF_CONDUCT.md trademarks and co 2022-04-20 15:02:06 +01:00
CONTRIBUTING.md root: [docs] updated readme 2024-07-29 10:35:37 +01:00
LICENSE trademarks and co 2022-04-20 15:02:06 +01:00
README.md root: [docs] move quick start guide onto a separate page 2024-07-29 15:56:28 +01:00
SECURITY.md trademarks and co 2022-04-20 15:02:06 +01:00
mkdocs.yml cli: [docs] add detailed description of Modes of Operation 2024-11-04 14:54:41 +00:00
pyproject.toml root: [chore] bump version to 1.3.2 2024-09-12 13:57:24 +01:00
revizor.py cli: [fix] clarify import error message (#77) 2024-07-25 14:29:40 +01:00

README.md

Revizor

GitHub PyPI GitHub all releases GitHub contributors

Revizor is a security-oriented fuzzer for detecting information leaks in CPUs, such as Spectre and Meltdown. It tests CPUs against Leakage Contracts and searches for unexpected leaks.

For more details, see our Paper (open access here), and the follow-up papers (1, 2).

Getting Started and Documentation

You can find a quick start guide at Quick Start.

For information on how to use Revizor, see User Documentation.

For information on how to contribute to Revizor, see CONTRIBUTING.md.

Need Help with Revizor?

If you find a bug in Revizor, don't hesitate to open an issue.

If something is confusing or you need help in using Revizor, we have a discussion page.

Citing Revizor

To cite this project, you can use the following references:

  1. Original paper that introduced the concept of Model-based Relation Testing as well as the Revizor tool:

    Oleksii Oleksenko, Christof Fetzer, Boris Köpf, Mark Silberstein. "Revizor: Testing Black-box CPUs against Speculation Contracts" in Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2022.

  2. Theoretical foundations of leakage contract:

    Marco Guarnieri, Boris Köpf, Jan Reineke, and Pepe Vila. "Hardware-software contracts for secure speculation" in Proceedings of the 2021 IEEE Symposium on Security and Privacy (SP), 2021.

  3. Accessible summary of the two papers above, in a journal format:

    Oleksii Oleksenko, Christof Fetzer, Boris Köpf, Mark Silberstein. "Revizor: Testing Black-box CPUs against Speculation Contracts". In IEEE Micro, 2023.

  4. Paper that introduced speculation filtering, observation filtering, and contract-based input generation:

    Oleksii Oleksenko, Marco Guarnieri, Boris Köpf, and Mark Silberstein. "Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing" in Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), 2022.

  5. Paper that introduced exception-based testing (i.e., focus on Meltdown, Foreshadow) into Revizor:

    Jana Hofmann, Emanuele Vannacci, Cédric Fournet, Boris Köpf, and Oleksii Oleksenko. "Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions." in Proceedings of 32nd USENIX Security Symposium (USENIX Security), 2023.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.