Researchers have identified two new types of attack that exploit the conditional branch predictor in top-tier Intel processors, potentially compromising billions of devices.
The team, which includes experts from academia and industry, will share the findings at the 2024 ACM ASPLOS Conference.
The study focuses on what is known as the “Pathfinder” attack, which targets a specific component of the branch predictor – the Path History Register (PHR).
The register plays a pivotal role in modern computing by logging the sequence and addresses of branches. This allows for more nuanced insights than were previously possible with other attacks.
The core of these new attacks centers on their ability to manipulate the branch predictor, which is essential for optimizing processor performance. This component predicts the future directions a program might take using historical data.
In the past, attackers had only a basic grasp of these pathways by examining entries in the predictor’s tables. By contrast, the recent research takes advantage of the PHR’s comprehensive logging of the last 194 taken branches in the latest Intel architectures.
By developing techniques to access and decode the PHR’s data, the researchers demonstrated the ability to trace the exact sequence of branch outcomes and so uncover the complete order of processed branches. Such extensive access marks a significant advance over previous methods, permitting the capture of sequences that span tens of thousands of branches.
“We successfully captured sequences of tens of thousands of branches in precise order, utilizing this method to leak secret images during processing by the widely used image library, libjpeg,” explained Hosein Yavarzadeh, the study’s lead author and a PhD student at the University of California San Diego.
Further enhancing the cybersecurity threat landscape, the team introduced a sophisticated Spectre-style poisoning attack on Intel processors. This method allows for the precise control of branch predictions to force the execution of unintended code paths, thus leaking sensitive data.
“This manipulation leads the victim to execute unintended code paths, inadvertently exposing its confidential data,” noted Professor Dean Tullsen, a key member of the research team. “We now have such precise control that we could misdirect the 732nd instance of a branch taken thousands of times.”
The discovery of these cybersecurity threats has elicited swift reactions from leading industry players. In response, both Intel and Advanced Micro Devices (AMD) have actively engaged in measures to address these vulnerabilities.
The companies are preparing to release comprehensive security updates and detailed bulletins that are designed to mitigate the risks associated with the vulnerabilities found in their processors. This proactive approach aims to safeguard devices and maintain user trust in their technology.
The research makes clear that the “Pathfinder” attack represents a significant advance in microarchitectural attacks.
“Pathfinder can reveal the outcome of almost any branch in almost any victim program, making it the most precise and powerful microarchitectural control-flow extraction attack that we have seen so far,” noted Kazem Taram, an assistant professor at Purdue University.
The collaborative effort, including contributions from UC San Diego, Purdue University, Georgia Tech, the University of North Carolina at Chapel Hill, and Google, underscores the critical nature of cybersecurity research in today’s digital age.
As processors become increasingly sophisticated, so do the methods of exploiting them, making ongoing research and collaboration across academia and industry essential to safeguard future computing environments.