Research paper exposes microprocessor vulnerability

It’s rare when semiconductor chip giants respond publicly to new academic research that exposes faults inside systems – as Intel did to recent coverage issued by The University of California, Riverside (UCR).

The paper that caused the Intel response is BranchScope: A New Side-Channel Attack on Directional Branch Predictor, co-authored by Nael Abu-Ghazaleh, who holds joint appointments in the Computer Science and Engineering and Department of Electrical and Computer Engineering at UCR; along with Dmitry Evtyushkin, College of William and Mary. Their findings were presented at ASPLOS, the top multidisciplinary systems research symposium recently.

Abu-Ghazaleh is a renowned expert in the field of cyber-security vulnerabilities and computer architecture support for security. His co-authored BranchScope paper exposes a new type of branch predictor attack, similar to the Spectre attacks that hit the news in January, but, this time, exposing a different vulnerability within a microprocessor’s computer architecture, as he explained:

“A branch predictor is a digital circuit that uses the ‘if-then’ nature of computer architecture, guessing which way to go next, based on the user command, or requirements of an app or program running on the network,” Abu-Ghazaleh said. “It’s a computer architectural design that builds in the ability to achieve high performance. However, there are issues, as we found in our research.”

Researchers carried out their extensive tests, showing how the vulnerability was exposed

The researchers carried out their extensive tests, showing how the vulnerability was exposed, on both Intel CPUs (central processing units) and against an Intel SGX (software guard extension) enclave. The latter, as indicated by its name, is designed to withstand such an attack. The manufacturer inserts it at a hardware level, as an isolated execution system, to protect application secrets from compromised system software. After press exposure around the release of the paper at the ASPLOS symposium, Intel was swift to respond, releasing the following statement, which was reproduced, in part, by Ars Technica:

“We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits,” the statement read. “We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper.”

In their paper, the researchers showed that the BranchScope attacks were significantly different in form, intent and execution to both Meltdown and Spectre, and so require immediate restorative and protective action from manufacturers. In its statement to the press, Intel wrapped up by acknowledging the work of the senior academics behind this paper: “We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers,” the statement read.