CyberWire Daily - From secret images to encryption keys. [Research Saturday]
Episode Date: May 18, 2024This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional ...Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems. The research can be found here: Graph: Growing number of threats leveraging Microsoft API Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. Hello, everyone, and welcome to the CyberWires Research Saturday.
I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
tracking down the threats and vulnerabilities, solving some of the hard problems,
and protecting ourselves in a rapidly evolving cyberspace.
Thanks for joining us.
Last year, we published a paper called Half and Half,
where we reverse-engineered the intricate details of the branch predictor
within modern Intel processors.
intricate details of the branch predictor within modern Intel processors.
That's Hossein Yavazadeh, a PhD student at the University of California, San Diego.
Today, we're discussing his work on Pathfinder,
high-resolution control flow attacks exploiting the conditional branch predictor. So, for example, as you know, the vendors like Intel, AMD, etc.
are very secretive about their branch predictor and all the other macro predictor optimizations.
So what we did in our previous research was to find out how is this branch prediction mechanism implemented in modern Intel processors.
So we reverse engineered every single detail of the branch predictor in our previous research.
And building upon that, we ended up doing some side channel attacks on the branch predictor.
So yeah, it started from our previous research.
Gotcha. Well, for folks who aren't familiar with it,
can you describe to us what exactly is the function
of the branch predictor in a modern processor?
Yeah. So in computer architecture and computer systems,
a branch predictor is a vital optimization to the CPU,
to the processor that tries to guess which way a branch will go. For example, think about
an if-then-else structure. So it guesses which way a single branch, for example,
if a statement focal, will it be taken or not taken before this is known definitively.
So the purpose of the branch predictor is to sort of improve the flow of the instructions within the processor.
And so if it's capable of guessing right more often than not, then it speeds things up.
Yes, exactly. So for example, in modern processors these days, it's like 99%, 98%
predicting the accurate direction of the branches. And when you're capable of predicting 98%
correctly, so you speed up the processor a lot.
So in your previous research, when you all were reverse engineering this,
what was the process for that?
I mean, were you able to do it in a traditional way by use of computer,
or were you decapping the CPUs?
How did you go about it?
Yeah, so the way we started the reverse engineering
of the branch predictor was running some
well-crafted experiments on a bare metal CPU,
on the targeted CPUs we had,
and measuring some performance counters.
For example, we were measuring the number of branches,
number of mispredicted branches, number of taken, not taken branches,
all those detailed performance counters.
And by running some well-crafted experiments and seeing the outputs,
we were able to, for example, distinguish between different behaviors
that we see from the processor itself or from the
state-of-the-art branch predictors implemented and designed in the literature.
So by doing that process recursively, like doing experiments and getting outputs and
updating our model, we managed to reverse engineer the branch predictor structure.
we managed to reverse engineer the branch predictor structure.
I see.
But let's dig into your most recent research here.
What exactly are these two novel attacks that you all discovered?
Yeah, so this paper, Pathfinder, introduces two novel attack side channels which can leak or extract and manipulate or write some structures within
the branch predictor, the conditional branch predictor in modern processors.
So these primitives, the attack primitives we designed, enables us two new classes of
attacks.
So the first attack can recover the entire control flow history of any victim program
by exploiting the read primitives.
And we demonstrate this by a practical secret image recovery
based on capturing the entire control flow of libjpg routine.
So libjpg is a library for compression, decompression,
and all the other algorithms
related to image processing stuff.
And the second attack, we show that we can launch extremely high resolution transient
attacks like Spectre-style attacks by exploiting the right primitive.
So we show that this attack can be used to recover the AES key
based on extracting the intermediate values of the AES algorithm.
And what do you suppose would be the real-world applications of these vulnerabilities?
If someone were looking to exploit this,
what would be the circumstances that they would have to find themselves,
have available to them?
Well, I mean, we showed that, I mean, given the other defenses like Intel provided against
speculative execution attacks, we showed that still speculative execution attacks can be
found in VILD. For example, in applications like LeapJjpg, AES, all the other applications that are
vulnerable to these type of attacks can be exploded by these type of
attacks, the branch prediction-related attacks.
So I would say if there is any
secret dependent, any control flow dependent
application that the control flow dependent application
that the control flow depends on the input,
our attacks will work.
We'll be right back.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off. And so what are the ramifications of this?
How serious a discovery do you estimate this is?
Well, so one thing is that the spectre style attack or the high resolution transient execution attack can
be mitigated by previously provided mitigation strategies. Like there is a mitigation strategy
called fencing, which you stop the speculative execution for secret dependent conditional branches.
So that would stop it.
But the thing is, there is an option, but no one used that.
I mean, it's not implemented in the libraries, in the Linux kernel,
those sort of applications.
So that's the thing.
Another attack we have, which is the control flow recovery
or extracting or leaking the control flow
of almost any victim program,
that can be also mitigated
by the constant time programming method.
But the thing is, again,
no one wants to use that method
because that comes with performance overhead.
For example, let's say like 50% performance overhead.
You don't want to slow down your code or at least all of your code or all of your programs by 50% just because of the security.
So, and yeah, we actually targeted and implemented our attack on Intel provided library called Intel IPP.
our attack on Intel-provided library called Intel IPP. So this
Intel IPP is a crypto
library developed by Intel
and we implemented our
attack on top of it and we showed that
this is vulnerable. But Intel's response
to our attacks were like,
you can use constant time programming methods.
However, they themselves don't
use it.
Yeah, you all went through responsible
disclosure here and are you satisfied with the responses
from the chip manufacturers or are the responses a little frustrating?
As I told earlier, their actual response
was that people can use fencing strategies
or constant time programming mitigations
against these type of attacks yet.
And that's true.
But the thing is, we cannot tell the entire world to use constant time programming and
slow down their programs by a lot of flushes the branch predictor state.
For example, in context switches from one security domain to another and vice versa, which comes with much less performance overhead.
So that's the situation.
I see.
So where do you suppose
we're headed then? I mean, with the major
chip manufacturers made aware of this, do you
suppose that future processors will take
this into account? In my opinion,
yes. Like, starting 2018
when the Spectre
and Meltdown attacks came out,
I think manufacturers and the vendors, chip vendors,
have started thinking about the security flaws
within the macro architectural optimizations. For example, branch prediction.
And it's not only branch prediction, like caches,
other optimization within the CPU.
I think they are definitely going to take this into consideration and have some security team doing some research and analyzing the optimization to make sure there's no security flaw within them.
make sure there's no security flaw within them.
It seems to me like this sort of thing,
this functionality within these chips,
something like branch prediction,
has become such a fundamental part of the architecture of these chips.
It's hard to imagine it not being there in some form.
To oversimplify things, you know, I imagine if someone having, if they're
in a situation where they have to have a high degree of security, you know, going into a
control panel and turning off branch prediction, but it's not that simple, right?
Yeah, it is not.
And even if you can, like, disable the branch prediction unit, like, your slowdown will be...
You'll have a crazy amount of slowdown.
It's very vital optimization to the CPU.
So you cannot imagine running a program
with that branch prediction.
It's going to be very slow.
What's next for you and your team here?
Do you have your sights set on
continuing down this path of research?
Yeah, so there are a couple of directions
and projects we're working on right now.
But the major thing we're thinking about
is designing new sort of secure
and high-performance branch prediction units
for future processors.
So that is one thing we learned from our previous research,
researches like Half and Half and Pathfinder,
based on our understanding of how does Intel implement the branch predictor.
We know the structure, we know the security flaws,
Intel implement the branch predictor,
we know the structure, we know the security flaws, so we're trying to find the way
to
sort of isolate this branch
prediction unit between security
domains, but also be
a high performance in the meantime.
So, based on
the information you all have gathered here,
what are your recommendations?
To what degree should folks
be concerned about this? And if so,
what are some possible mitigations?
As we discussed in the paper, we showed that these
attacks can be actually used in the wild. For example, leaking
secret images from LeapJPG library or
leak AES key from AES encryption,
decryption functions.
So this is a serious problem.
And in my opinion, so the users definitely would want to use, for example,
I don't know, like fencing strategy or constant time programming strategy
to mitigate these types of attacks,
which comes with sort of high overhead, high performance overhead.
But there are other mitigations we discussed in the paper,
which talks about flushing the branch predictor state,
different units within the conditional branch predictor
and context switches that can be also used, but needs some effort, some development to
integrate those mitigations into, for example, Linux kernel to be used. I mean, it's not very
straightforward to implement those mitigation strategies. And for example, it should be
implemented in compiler. It needs a lot of development. So, yeah.
Our thanks to Josein Yavazarde from the University of California, San Diego for joining us. The research is titled
Pathfinder, High Resolution Control Flow Attacks, Exploiting the Conditional Branch Predictor.
We'll have a link in the show notes.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
and that's research saturday brought to you by n2k cyberwire our thanks to josein yavazarda from the university of california san diego for joining us the research is titled pathfinder
high resolution control flow attacksoiting the Conditional Branch
Predictor. You can find a link and additional resources in our show notes. We'd love to know
what you think of this podcast. Your feedback ensures we deliver the insights that keep you
a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share
a rating and review in your podcast app. Please also fill out the survey in the show notes or Thank you. intelligence, and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
We're mixed by Elliot Peltzman and Trey Hester.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here next time.
Thank you. innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided
apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.