
microarch-analysis

Use when analyzing microarchitectural attack surfaces by mapping shared hardware structures, identifying speculative execution vectors, quantifying speculative windows, and proposing countermeasures. Covers cache timing, transient execution, and contention channels. Do not use for RTL-level design review (use rtl-security-review) or physical implementation analysis (use physical-design-security).
dtsong/my-claude-setup · ★ 5 · AI & Automation · score 76
Install: claude install-skill dtsong/my-claude-setup
# Microarchitectural Analysis

## Purpose

Map microarchitectural structures, identify shared state across trust boundaries, enumerate speculative execution attack vectors, and propose hardware/software countermeasures.

## Scope Constraints

Reads hardware documentation, microarchitectural specifications, and system configuration. Does not modify files or execute code. Does not perform active exploitation or benchmark execution.

## Inputs

- System or component architecture being analyzed
- Microarchitectural features in scope (cache hierarchy, branch predictor, pipeline depth, etc.)
- Trust boundary definitions (which software domains share which hardware resources)
- Threat model (local attacker, cross-VM, cross-process, same-core, cross-core)

## Input Sanitization

No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets.

## Procedure

### Progress Checklist

- [ ] Step 1: Map microarchitectural structures
- [ ] Step 2: Identify shared state across trust boundaries
- [ ] Step 3: Enumerate attack vectors
- [ ] Step 4: Assess speculative window
- [ ] Step 5: Propose countermeasures
- [ ] Step 6: Document residual exposure

### Step 1: Map Microarchitectural Structures

Enumerate all microarchitectural structures that hold state: L1I/L1D/L2/L3 caches, TLBs, branch predictors (PHT, BTB, RSB), store buffers, fill buffers, line fill buffers, load ports, MOB entries. For each structure, document sharing domain (per-thread, p