New Type of Attack Targeting Microarchitectural Level Discovered by International Team of Scientists
An international team of scientists, led by experts from the University of California San Diego, has uncovered a new type of attack aimed at the conditional branch predictor, a component at the microarchitectural level of the processor. The findings, which have the potential to impact billions of devices, will be presented at the upcoming ACM ASPLOS 2024 conference, scheduled from April 27 to May 1 this year.
The study, named “Pathfinder”, revealed a vulnerability in the Path History Register, which tracks the order and addresses of conditional branches. This marks the first attack to deliberately use this feature to extract information, and it does so with unprecedented accuracy.
Modern processors use conditional branch prediction to make program execution more efficient. However, the study showed that entries in the Path History Register not only track the most recent branches but can also be used to reconstruct a significantly longer branch history.
Hosein Yavarzadeh, a graduate student in the Computer Science Department at the University of California San Diego and the lead author of the study, commented, “Using this method, we were able to reconstruct sequences of tens of thousands of transitions in exact order, exploiting this to leak sensitive data during their processing through the commonly used libjpeg library.”
Professor Dean Tullsen from the same university remarked, “We have also developed an attack method similar to Spectre, inducing complex incorrect prediction models in victim code, resulting in unintended execution of undesirable operations.”
Furthermore, the researchers demonstrated an attack that caused the encryption algorithm to abort, leading to the exposure of encrypted data in early processing stages. This enabled the extraction of the secret AES key.
Kazem Taram, an Associate Professor of Computer Science at Purdue University, pointed out, “Pathfinder has the capability to reveal the outcomes of nearly any conditional transition in any program, making it the most precise and potent microarchitectural level attack we have encountered so far.”
In response to the research results publication, companies Intel and