.webp)
[[{“value”:”
Microarchitectural side-channel attacks misuse shared processor state to transmit information between security domains.
Although they can be used in isolation, they are frequently employed as building blocks for more sophisticated attacks such as Spectre, which uses side channels to achieve controlled speculative execution and data exfiltration.
The following cybersecurity analysts recently discovered a new attack dubbed “Pathfinder,” that steals sensitive data from the modern processor:-
Hosein Yavarzadeh from UC San Diego
Archit Agarwal from UC San Diego
Max Christman from UNC Chapel Hill
Christina Garman from Purdue University
Daniel Genkin from Georgia Tech
Andrew Kwong from UNC Chapel Hill
Daniel Moghimi from Google
Deian Stefan from UC San Diego
Kazem Taram from Purdue University
Dean Tullsen from UC San Diego
Pathfinder Attack Steals Sensitive Data
Caches, branch predictors, and translation buffers are among the many shared microarchitectural components that these attacks target.
Most previous branch predictor attacks have focused on attacking the conditional branch predictor, which is a simple model.
Due to this, their ability has been limited to manipulating coarse control flow only.
The branch predictor is thought of as a read/write scratchpad. Advanced attack primitives let you exploit the Pattern History Register (PHR) and Pattern History Tables (PHTs) so that one can leak their values after a victim program.
They also allow you to perform new Spectre attacks by overwriting them before calling the victim.
Document
Integrate ANY.RUN in Your Company for Effective Malware Analysis
Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:
Real-time Detection
Interactive Malware Analysis
Easy to Learn by New Security Team members
Get detailed reports with maximum data
Set Up Virtual Machine in Linux & all Windows OS Versions
Interact with Malware Safely
If you want to test all these features now with completely free access to the sandbox:
These primitives abstract away the complicated manipulation of complex branch prediction structures and their indexing functions.
Pathfinder is a program that, given an executable code and observed values of a Pattern History Register (PHR), reconstructs the control flow graph of the victim function at runtime.
The PHR is complex because it combines branch outcomes with multiple addresses, which helps capture control flow, which differs from capturing control flow alone.
Binary analysis coupled with an algorithm allows Pathfinder to determine all possible paths of control flow corresponding to the observed PHR.
Due to the size and complexity of the update function used by PHR, one path is usually found.
This tool shows what happens during execution, helps analyze leak attacks, and helps discover the new Spectre variations.
JPEG is a widely used lossy image compression standard, and libjpeg is a library for JPEG encoding and decoding.
The IDCT implementation in libjpeg simplifies computation by optimizing for constant rows and columns in the coefficient matrix.
This optimization discloses the original image by making known the constancy of particular rows and columns through runtime control flow analysis.
The research shows how easily the Pattern History Register state can be leaked, thus giving away information about global branch ordering and runtime control flow.
By precise poisoning of PHT through read-and-write attacks that target specific loop iterations, it becomes important to take into account non-deterministic speculative control flows in Spectre mitigations.
This attack differs from others that were restricted by biases or recent branch outcomes, as it covers all branches made throughout the program’s execution, which involves thousands of branches.
Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo
The post Pathfinder – New Attack Steals Sensitive Data From Modern Processors appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
