Abstract

The electronic economy is booming: electronic wallets, encrypted virtual money, mobile payments, and other new generations of economic instruments are springing up. As the most important cornerstone, the CPU is facing serious security challenges, and with the surge in practical application requirements, the importance of CPU security testing is increasing. However, the actual security threats to computer systems are also becoming increasingly rampant (attackers now often use multiple different types of vulnerabilities to construct complex attack systems, not just a single attack chain). The traditional vulnerability detection model is not capable of comprehensive security assessment. We first propose a comprehensive CPU Security Benchmark solution with high coverage of existing known vulnerabilities, including Undocumented Instructions detection, Control Flow Integrity tests, Memory Errors detection, Cache Side Channels detection, Out-of-Order and Speculative execution vulnerability (Meltdown and Spectre series) tests, and more. Our benchmark provides meaningful and constructive feedback for avoiding architecture/microarchitecture design flaws, for designing system security (OS and libraries) software patches, and for tips on user programming vulnerabilities. We hope that the work of this paper will move computer system security testing from the past scattered point-and-line mode (single specific vulnerability and attack chain testing) to a coordinated, whole-surface mode (multi-type vulnerabilities and attack network testing), thus creating a new research direction of the comprehensive and balanced CPU Security Benchmark. Our test suite will play an inspiring role in the comprehensive assessment of security in personal computer devices (PC/Mobile Phone) and large server clusters (Servers/Cloud), as well as in the construction of more secure Block-Chain nodes (IoT) and many other practical applications.
