From secret images to encryption keys.
Dave Bittner: Hello everyone, and welcome to the CyberWire's Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems, and protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
Hosein Yavarzadeh: Last year we published a paper called Half & Half where we reverse-engineered the intricate details of the branch predictor within modern Intel processors.
Dave Bittner: That's Hosein Yavarzadeh, a PhD student at the University of California San Diego. Today we're discussing his work on Pathfinder: High-Resolution Control Flow Attacks Exploiting the Conditional Branch Predictor.
Hosein Yavarzadeh: So for example, as you know, the vendors like Intel, AMD, et cetera are very secretive about their branch predictor and all the other microarchitecture optimization. So what we did in our previous research was to find out, like, how is this branch prediction mechanism implemented in modern Intel processors? So we reverse-engineered the, every single detail of the branch predictor in our previous research, and building upon that, we ended up doing some side-channel attacks on the branch predictor. So yeah, it started from our previous research.
Dave Bittner: Got you. Well, for folks who aren't familiar with it, can you describe to us, what exactly is the function of the branch predictor in a modern processor?
Hosein Yavarzadeh: Yeah. So, in computer architecture and computer systems, a branch predictor is a vital optimization to the, to the CPU, to the processor, that tries to guess, like, which way a branch will go. For example, think about an, think about an if-then-else structure. So it, it guesses which way a single branch, for example if statement focal. Will it be taken or not taken, before this is known definitively. So the purpose of the branch predictor is to sort of improve the, the flow of the instructions within the processor.
Dave Bittner: And so, if it's capable of, of guessing right more often than not, then it speeds things up?
Hosein Yavarzadeh: Yes, exactly. So, for example in modern processors these days, it's like 99%, 98% predicting the accurate, you know, direction of the branches, and then you, but you're capable of, like, predicting 98% correctly, so you speed up the, the processor a lot.
Dave Bittner: So in your previous research, when you all were reverse-engineering this, what was the process for that? I mean, were you able to do it in a traditional way, you know, by use of computer, or were you, you decapping the CPUs? How did you go about it?
Hosein Yavarzadeh: Yeah, so the way we started the reverse-engineering of the branch predictor was running some, like, well-crafted experiments on a bare metal CPU and the targeted CPUs we had, and measuring some performance counters. For example, we were measuring the number of branches, number of mis-predicted branches, number of taken, not take branches, all those detailed performance counters. And by running some well-crafted experiments and seeing the outputs, we were able to, for example, distinguish between different behaviors that we see from the processor itself, or from the state-of-the-art branch predictors implemented and designed in the literature. So by doing that process recursively, like doing experiments, and getting outputs, and updating our model, we managed to reverse-engineer the branch predictor structure.
Dave Bittner: I see. Well, let's dig into your most recent research here. What exactly are these two novel attacks that you all discovered?
Hosein Yavarzadeh: Yeah, so this paper, Pathfinder, introduces two novel attack side channels, which can leak or extract and manipulate or write the, some structures within the branch predictor, of the, the conditional branch predictor in modern processors. So these primitives, the attack primitives be designed enables us two new classes of attacks. So the first attack can recover the entire control flow history of any victim program by exploiting their rate primitives, and we demonstrate this by a practical, secret image recovery, based on capturing the entire control flow of Libjpeg routine. So Libjpeg is a library for compression-decompression and all the other algorithms related to image processing stuff. And the second attack, we show that we can launch extremely high-resolution transient attacks, like picture-style attacks, by exploiting the right primitive. So we showed that this attack can be used to recover the AS key based on extracting the intermediate values of the AS algorithm.
Dave Bittner: And what do you suppose would be real-world applications of these vulnerabilities? If someone were willing to look to exploit this, what were the, what would be the circumstances that they would have to, to find themselves, have available to them?
Hosein Yavarzadeh: Well, I mean, we showed that, I mean, given the other defenses like Intel provided against speculative execution attacks, we show that still, speculative execution attacks can be found in wild. For example, in applications like, like Libjpeg, AES, all the other applications that are vulnerable to these type of attacks can be exploited by these type of attacks, the branch prediction-related attacks. So, I would say, like, if there is any secret-dependent, any control flow-dependent application, that the control flow depends on the input, our attacks will work.
Dave Bittner: We'll be right back.
Dave Bittner: And so, what are the ramifications of this? How, how serious a discovery do you estimate this is?
Hosein Yavarzadeh: Well, so one thing is that the, the, the spectre-style attack, or the high-resolution transient execution attack, can be mitigated by previously-provided mitigation strategies, like there's a mitigation strategy called fencing, which you stop the speculative execution for secret-dependent conditional branches. So that would stop it, but the thing is, sort of, there is an option but no one used that. I mean, it's not implemented in, in the wild, in the libraries, and the Linux kernel, those sort of applications. So that's the thing. The, another attack we have, which is the, the control flow recovery, or extracting or leaking the control flow of almost any victim program, that can be also mitigated by the, the constant time programming method, but the thing is, again, no one wants to use that method, because that comes with performance overhead. For example, let's say, like, 50% performs overhead. You don't want to slow down your code, or, or at least all of your code, all of your programs by 50%, just because of the security. So, and yeah, we, we actually targeted and implemented our attack on an Intel-provided library called Intel IPP. So this Intel IPP is a cryptolibrary developed by Intel, and we implemented our attack on top of it, and we showed that this is vulnerable, but Intel's response to our attacks were, like, you can use constant-time programming methods. However, they, they themselves don't use it.
Dave Bittner: Hmm. Yeah, I mean, you all want through responsible disclosure here, and are you satisfied with the responses from the chip manufacturers, or, or are the responses a little frustrating?
Hosein Yavarzadeh: As I, as I told earlier, their actual response was that, people can use fencing strategies or constant-time programming mitigations against these type of attacks. Yeah, and that's true, but the thing is, we cannot tell to the entire world to use constant-time programming and slow down their programs by a lot of amount to just get the security here, and so our proposal was to give, give an instruction or a primitive that flushes the branch predictor state. For example, in contact switches from one security domain to another, and vice versa, which comes with much less performance overhead. So that's the situation.
Dave Bittner: I see. So where do you suppose we're headed then? I mean, with, with the, the major chip manufacturers made aware of this, do you suppose that future processors will take this into account?
Hosein Yavarzadeh: In my opinion, yes. Like, starting 2018, when the spectre and meltdown attacks came out, so I think manufacturers and the vendors, chip vendors, have started thinking about the, the security flaws within the microarchitectural optimizations, for example branch predictor, and it's not only branch prediction. Like caches, other optimization within the CPU. I think they are definitely going to take this into consideration and have some security team doing some research and analyzing the, the, the, the, the optimization to make sure there is no, like, security flaw within them.
Dave Bittner: And it seems to me like this sort of thing, this, this functionality within these chips, you know, something like branch prediction, has become such a fundamental part of the architecture of these chips, it's hard to imagine it not being there in some form. You know, I, I, to oversimplify things, you know, I imagine someone having, if they're in a situation where they have to have a high degree of security, you know, going into a control panel and turning off branch prediction, but it's not that simple, right?
Hosein Yavarzadeh: Yeah, it is not, and even if you can, like, disable the branch prediction unit, like, your, your, your slowdown will be, you'll, you'll have a crazy amount of slowdown.
Dave Bittner: Yeah.
Hosein Yavarzadeh: I mean, it's very vital optimization to the CPU, so you cannot imagine running a program without branch prediction. It's going to be very slow.
Dave Bittner: Yeah. What's next for you and your team here? Do you have your sight set on continuing down this path of research?
Hosein Yavarzadeh: Yeah, so there are a couple of directions and other, and projects we're working on right now, but the major thing we're thinking about is designing new sort of secure and high-performance branch prediction units for, like, future processors. So that is one, one thing, one thing we learned from our previous research, researchers like Half & Half and Pathfinder, based on our understanding of how, how, how, how does Intel implement the branch predictor? We know the structure, we know the security flaw, so we're trying to find the way to sort of isolate this branch prediction unit between security domains but also be high-performance in the meantime.
Dave Bittner: So based on the information you all have gathered here, what are your recommendations? I mean, to what degree should folks be concerned about this, and, and if so, what are some possible mitigations?
Hosein Yavarzadeh: So yeah, as we discussed in the paper, we showed that these attacks can be actually used in, in the wild. For example, leaking secret images, from Libjpeg library or leak AS key from AS encryption-decryption functions. So this is a serious problem. And, in my opinion, so the users definitely would want to use, for example, I don't know, like fencing, fencing strategy or constant-time programming strategy to mitigate these type of attacks, which comes with sort of high overhead, high performance overhead. But there are other mitigations we discuss in the paper, which talks about, like, flushing the branch predictor state, different units within the conditional branch predictor and contact switches, that can be also used, but needs some effort, some development to integrate those mitigations into, for example, Linux kernel to, to be used. I mean, it's not very straightforward to implement those mitigation strategies, and for example, it should be, it should be implemented in compiler. It needs a lot of development, so yeah.
Dave Bittner: Our thanks to Hosein Yavarzadeh from the University of California San Diego for joining us. The research is title Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor. We'll have a link in the show notes. [ Music ] And that's Research Saturday, brought to you by N2K CyberWire. Our thanks to Hosein Yavarzadeh from the University of California San Diego for joining us. The research is titled Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor. You can find a link and additional resources in our show notes. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly-changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com. This episode was produced by Liz Stokes, were mixed by Elliott Peltzman and Tre Hester. Our executive producer is Jennifer Eiben, our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next time. [ Music ]