May 8, 2024 at 11:07AM
Researchers discovered two new attack methods targeting high-performance Intel CPUs, collectively called Pathfinder. These attacks exploit the branch predictor to manipulate program control flow and execute Spectre-style attacks, potentially exposing confidential data, including AES encryption keys and secret images. Intel stated that existing mitigations for Spectre v1 help protect against these attacks.
Key takeaways from the meeting notes:
– Researchers have discovered new attack methods targeting high-performance Intel CPUs that can be used to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.
– These techniques have been collectively dubbed Pathfinder by a group of academics from multiple institutions, including the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google.
– The attacks dubbed Pathfinder allow attackers to read and manipulate key components of the branch predictor, enabling reconstructing program control flow history and launching high-resolution Spectre attacks.
– Specifically, the attack method targets a feature in the branch predictor called the Path History Register (PHR) to induce branch mispredictions and cause a victim program to execute unintended code paths, thereby inadvertently exposing its confidential data.
– Pathfinder introduces new primitives that make it possible to manipulate PHR and the prediction history tables (PHTs) within the conditional branch predictor (CBR) to leak historical execution data and ultimately trigger a Spectre-style exploit.
– Demonstrations outlined in the study have shown the method to be effective in extracting the secret AES encryption key and leaking secret images during processing by the widely-used libjpeg image library.
– Intel has released an advisory stating that Pathfinder builds on Spectre v1 attacks and that previously deployed mitigations for Spectre v1 and traditional side-channels mitigate the reported exploits. There is no evidence that it impacts AMD CPUs.
– The researchers emphasize that the PHR is vulnerable to leakage, reveals data unavailable through the PHTs, exposes a far greater set of branching code as potential attack surfaces, and cannot be mitigated using techniques proposed for the PHTs.
These are the key points from the meeting notes. Let me know if you need further details or action points.