BranchScope: a new attack on Intel processor security

Intel processors are in for more bad news this year as computer science researchers are discovering new design flaws that allow for attacks that could put user data in jeopardy. The new BranchScope attack was revealed at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), the top computer systems research symposium.

Finding the flaws in processor hardware is nothing new for the research team of Binghamton University’s computer science professor Dmitry Ponomarev; University of California, Riverside professor Nael Abu-Ghazaleh; and the College of William and Mary’s assistant professor Dmitry Evtyushkin, PhD ’17. The three first started working together at Binghamton University when Abu-Ghazaleh was a Binghamton University professor and Evtyushkin was a PhD student.

Earlier this year when news broke that Intel, AMD and ARM processors all had a design feature that could allow access to personal information via attacks called Spectre and Meltdown, Google’s Jann Horn credited the research team’s 2016 work as a guiding influence in the discovery of the major attacks.

Since Spectre and Meltdown first appeared, other attacks – like Spectre 2 – have continued to show the weaknesses of processor hardware.

Evtyushkin said these discoveries were predictable given what most people focus on when making processors.

“There are design considerations and a trade-off between security and performance. Most companies focus on performance and build their design around that,” he said.

This focus on performance made for the processor design flaws.

“There had been a lot of research like ours that looked at potential processor issues, so everything was set up for this major development,” Ponomarev explained.

In the most recent study, the team of researchers – joined by associate teaching professor Ryan Riley from Carnegie Mellon University in Qatar – introduced the attack by explaining that “BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit.”

While in Spectre and Meltdown the data leaks through the processor’s cache, BranchScope takes advantage of weaknesses in the branch predictor and leaks information directly through it. Intel has worked to combat Spectre and Meltdown but this new type of attack means that Intel has some work to do to make its processors fully secure.

While the sheer number of attacks developed this year can make consumers worried about their data, Ponomarev said discovering these attacks will only make processors more secure in the future.

“As researchers, we want to find the places that are most susceptible. It helps us stop a problem before it becomes an easy hack and then we can build better and more secure processors,” he explained. “It would have been impossible to even predict that someone could develop these attacks years ago when the foundations of current hardware architectures were developed.”

According to Ponomarev, “average users should feel safer now that these attacks have been found by reputable researchers instead of malicious hackers.”

In response to the research, Intel has said in a statement, “We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”