From secret images to encryption keys. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 18 May 2024

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems. The research can be found here: Graph: Growing number of threats leveraging Microsoft API Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire's research Saturday.
0:19.4	I'm Dave Bitner and this is our weekly conversation with researchers and analysts tracking down the threats
0:25.7	and vulnerabilities, solving some of the hard problems and protecting ourselves in a rapidly
0:31.1	evolving cyberspace.
0:33.0	Thanks for joining us.
0:40.0	Last year we published a paper called Half and Half, where the rumors engineered the intricate
0:46.4	details of the branch predictor within a modern Intel processors.
0:51.4	That's Hossain Yavazarday, a PhD student at the University of California, San Diego.
0:57.0	Today we're discussing his work on Pathfinder, High Resolution Control flow attacks exploiting the conditional branch predictor.
1:07.0	So for example, as you know the vendors like Intel
1:17.2	AMD etc are very secretive about their branch predictor and all the other macro predictor
1:23.8	optimization. So what we did in our previous research was to find out like how is
1:31.1	this branch prediction mechanism implemented in modern Intel processor?
1:35.8	So we reverse engineered every single detail of the branch predictor in our previous research and building upon that we ended up doing some side channel
1:47.7	attacks on the branch predictor. So yeah it started from our previous research
1:53.0	gotcha well for folks who aren't familiar with it can you describe to us what exactly is the function of the branch predictor in a modern processor?
2:02.0	Yeah, so in computer architecture and computer systems, a branch predictor is a vital optimization to the CPU to the processor that tries to guess like which way a
2:17.7	branch will go for example think about and think about an if then else's structure.
2:24.7	So it guesses which way a single branch,
2:28.7	for example, if a statement focal,
2:30.8	will it be taken or not taken before this is known definitely so the purpose
2:36.0	of the branch predictor is to sort of improve the flow of the instructions
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.