Researchers from Purdue University and the University of California, San Diego, have developed a new microarchitectural control-flow extraction attack that is more accurate and powerful than any seen before. Kazem Taram, an assistant professor of computer science at Purdue University and a UC San Diego computer science PhD graduate, led the research team.
The project involved collaboration with coauthors from both universities, including Dean Tullsen, Hosein Yavarzadeh, Archit Agarwal, Deian Stefan, Christina Garman from Purdue University, Daniel Moghimi from Purdue University, Daniel Genkin from Georgia Tech, and Max Christman and Andrew Kwong from the University of North Carolina Chapel Hill. The research was supported by multiple organizations such as the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, the Alfred P. Sloan Research Fellowship and donations from Intel Qualcomm and Cisco.
The researchers followed responsible disclosure practices by notifying Intel and AMD of the security findings in November 2023. Intel subsequently alerted other affected hardware/software vendors of the issues. Both Intel and AMD committed to addressing the concerns raised in the paper by issuing a Security Announcement (SA) and a Security Bulletin (SB), respectively. The findings were also shared with Vulnerability Information and Coordination Environment (VINCE) under Case VU#157097 which pertains to a class of attack primitives that enable data exposure on high-end Intel CPUs. This collaborative effort highlights the importance of ethical and transparent communication in addressing cybersecurity vulnerabilities.
