More research at UC San Diego revealed yet another side-channel attack on x86_64 processors. The research identified a new vulnerability that allows precise control of conditional branch prediction in modern processors.
In the realm of modern computer software, the reliance on conditional branches is pervasive. These branches determine the next set of instructions to execute based on specific data values, constituting a significant portion—often between 10 to 20 percent—of all executed instructions.
To maintain performance, modern processors deploy branch predictors to anticipate the outcome of these conditional branches. Predicting outcomes allows processors to continue executing at full speed without waiting for the branch resolution, which occurs later in the pipeline.
However, a crucial vulnerability arises from the shared nature of branch predictors among executing threads and processes in all modern processors. Attackers can exploit this vulnerability to observe branch outcomes, potentially compromising sensitive data. Spectre attacks exacerbate this vulnerability by manipulating the branch predictor to leak private information from memory.
In response to these security concerns, a team led by UC San Diego Scientists embarked on a meticulous exploration of the conditional branch predictor (CBP) found in modern Intel processors. Their research, known as Half&Half, involved reverse-engineering the CBP’s intricate workings, including prediction tables, indexing methods, and associativity.
Building on their findings, they introduce Pathfinder, which exposes two innovative side-channel attacks leveraging the CBP. The first attack divulges historical information on thousands of recent branch instructions, providing malicious entities with insights into victim code execution. The second attack, a high-resolution Spectre-style exploit, manipulates branch predictions to steer the victim toward unintended code paths.
These attacks are demonstrated through case studies, including speculative execution against AES to recover secret keys and the leakage of secret images through control flow extraction of libjpeg routines.
“While prior attacks could misdirect a single branch or the first instance of a branch executed multiple times, we now have such precise control that we could misdirect the 732nd instance of a branch taken thousands of times,” said Kazem Taram, an assistant professor of computer science at Purdue University and a UC San Diego computer science PhD graduate.
The team presents a proof-of-concept where they force an encryption algorithm to transiently exit earlier, exposing reduced-round ciphertext. This demonstration illustrates the ability to extract the secret AES encryption key.
Taram continued, “Pathfinder can reveal the outcome of almost any branch in almost any victim program, making it the most precise and powerful microarchitectural control-flow extraction attack that we have seen so far.”
The researchers propose several techniques to mitigate these vulnerabilities, such as flushing branch prediction history during context switching or isolating prediction units between security domains.
In November 2023, the researchers informed both Intel and AMD of their findings, adhering to responsible disclosure practices. Intel, in response, notified affected vendors and outlined plans to address the concerns in a Security Announcement (INTEL-2024-04-26-001-Pathfinder). AMD addressed the issues through a corresponding Security Bulletin (AMD-SB-7015).
You can find more information about Pathfinder from the following links:
UC San Diego computer science PhD student Hosein Yavarzadeh is the lead author of the study.