Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks

This repository contains test code, examples and exploits regarding transient windows generated by Machine Clears.

For more information about our work:

Setup and Environment

To compile all the code and configure your environment, simply perform the following:

make
source config.sh

Every folder contains a separated README with more details. In summary, this is the content of every folder:

fp_reverse_engineering: utilities to test, understand and verify the presence of FPVI vulnerability
leakers: example test code to show how every presented machine clear can be used to read transiently memory
leak_rate_win_size: code to measure leak rate and window size of various transient execution mechanisms
md_reverse_engineering: experiments to reverse engineer the memory disambiguation predictor on Intel processor
fpvi_firefox_exploit: Firefox exploit based on FPVI to leak arbitrary memory locations (CVE-2021-29955).

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
common		common
figures		figures
fp_reverse_engineering		fp_reverse_engineering
fpvi_firefox_exploit		fpvi_firefox_exploit
fpvi_llvm_mitigation		fpvi_llvm_mitigation
leak_rate_win_size		leak_rate_win_size
leakers		leakers
md_reverse_engineering		md_reverse_engineering
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
config.sh		config.sh