Computer Scientists Discover Vulnerability Affecting Computers Globally
|From left, clockwise: Dean Tullsen, professor, and Ph.D. student Mohammadkazen Taram at UC San Diego, teamed up with UC San Diego alumnus and UVA professor Ashish Venkat.|
April 30, 2021--Computer scientists at the University of California San Diego with researchrs at the University of Virginia School of Engineering to uncover a line of attack that breaks current defenses against Spectre, a devastating hardware flaw in computers eqwuipped with Intel and AMD processors. This means that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.
The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference, the International Symposium on Computer Architecture, or ISCA, in June.
Led by Ashish Venkat, a UVA professor and UC San Diego alumni, with Dean Tullsen, a professor in the Department of Computer Science and Engineering at UC San Diego, the researchers found a new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process. Micro-op caches have been built into Intel computers manufactured since 2011.
The UC San Diego/UVA team reverse-engineered certain undocumented features in Intel and AMD processors. They have detailed the findings in their paper: “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches.”
These two UC San Diego and UVA teams have collaborated before, including on a paper UC San Diego Ph.D. student Mohammadkazem Taram presented at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems in April 2019. The paper, “Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization,” which introduced one of just a handful more targeted microcode-based defenses developed to stop Spectre in its tracks, was recently selected as a Top Pick in Hardware and Embedded Security among papers published in the six-year period between 2014 and 2019.
Read the full story from UVA about their research and its impact here.