“Pathfinder can reveal the results of almost any branch of almost any victim program, making it the most accurate and powerful tool we've seen to date,” said Kazem Taram, assistant professor of computer science at Purdue University. “This is a control flow extraction attack on microarchitectures.” in Computer Science from the University of California, San Diego.
In addition to Dean Talsen and Hossein Yavarzadeh, other co-authors are from the University of California, San Diego. Archit Agarwal and Dian Stephan. Other co-authors include Christina Garman and Kazem Taram of Purdue University. Daniel Mogimi, Google; Daniel Genkin, Georgia Tech. Max Christman and Andrew Kwon of the University of North Carolina at Chapel Hill;
This research was supported in part by the Air Force Office of Scientific Research (FA9550-20-1-0425). Defense Advanced Research Projects Agency (W912CG-23-C-0022 and HR00112390029). National Science Foundation (CNS-2155235, CNS-1954712, and CAREER CNS-2048262). Alfred P. Sloan Research Fellowship. Gifts from Intel, Qualcomm, and Cisco.
responsible disclosure
The researchers communicated their security findings outlined in this paper to both Intel and AMD in November 2023. Intel has notified other affected hardware/software vendors of this issue. Intel and AMD plan to address the concerns raised in today's paper through a respective security bulletin and bulletin (AMD-SB-7015). The findings were shared in the Vulnerability Information Coordination Environment (VINCE) case VU#157097: Class of attack primitives allows data leakage on high-end Intel CPUs.
