Father
Professional
- Messages
- 2,602
- Reaction score
- 761
- Points
- 113
An international team of scientists led by specialists from the University of California, San Diego has uncovered a new type of side-channel attack that targets the Path History Register in high-performance Intel processors and is called Pathfinder.
A study called Pathfinder revealed vulnerabilities in the Path History Register, which records the order and addresses of conditional branches.
At the same time, as it turned out, entries in the path history register not only track recent branches, but also reconstruct a much longer history of branch sequences.
As a result, more information is extracted with improved accuracy than in previous attacks, which lacked an understanding of the exact structure of the branch predictor.
Given the significant impact of branches on the performance of modern processors, an important optimization known as the branch predictor is used, which predicts future branch results by referring to past histories stored in forecast tables.
Previous attacks have used this mechanism by analyzing records in these tables to identify recent branching trends at specific addresses. However, the new approach uses a path history register, providing a new perspective on control flow attacks.
Experts reflected the consequences of the attack in two case studies, demonstrating the extraction of the secret AES encryption key and the theft of secret images during processing by the libjpeg library.
The researchers reported results from Intel and AMD in November 2023. Intel, in turn, informed about the problems of other affected suppliers.
As a result, Intel and AMD issued security bulletins, according to which previously released patches for Spectre v1 are sufficient to protect their devices.
To date, Pathfinder is the most advanced and effective version of all previous attacks targeting the same mechanism at the microarchitectural level, including Spectre or BranchSchope.
• Source: https://dl.acm.org/doi/10.1145/3620666.3651382
A study called Pathfinder revealed vulnerabilities in the Path History Register, which records the order and addresses of conditional branches.
At the same time, as it turned out, entries in the path history register not only track recent branches, but also reconstruct a much longer history of branch sequences.
As a result, more information is extracted with improved accuracy than in previous attacks, which lacked an understanding of the exact structure of the branch predictor.
Given the significant impact of branches on the performance of modern processors, an important optimization known as the branch predictor is used, which predicts future branch results by referring to past histories stored in forecast tables.
Previous attacks have used this mechanism by analyzing records in these tables to identify recent branching trends at specific addresses. However, the new approach uses a path history register, providing a new perspective on control flow attacks.
Experts reflected the consequences of the attack in two case studies, demonstrating the extraction of the secret AES encryption key and the theft of secret images during processing by the libjpeg library.
The researchers reported results from Intel and AMD in November 2023. Intel, in turn, informed about the problems of other affected suppliers.
As a result, Intel and AMD issued security bulletins, according to which previously released patches for Spectre v1 are sufficient to protect their devices.
To date, Pathfinder is the most advanced and effective version of all previous attacks targeting the same mechanism at the microarchitectural level, including Spectre or BranchSchope.
• Source: https://dl.acm.org/doi/10.1145/3620666.3651382
