When Google’s security researchers said in their whitepapers for the Spectre and Meltdown that future side channel attacks of the same nature would surface after their work was published, they should have taken bets for real money on that. This week researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have all jointly submitted their whitepaper for a new side channel attack called BranchScope, a variant of an attack based on the Spectre 2 vulnerability that takes advantage of Intel’s branch predictor in their modern processor architectures, and exploits it to leak sensitive user data. Like Spectre 2, it can be fixed in software or hardware. Mitigations against this kind of attack are still being developed, so it’s unlikely that we’ll see patches for this vulnerability this week.
BranchScope was announced without fanfare. It does have a catchy name, but that’s about it – there’s no fancy logos or videos to accompany it, no websites set up to tell people what it’s about. The ten-page whitepaper that appears in the ASPLOS 2018 journal for this week includes data about working attacks the researchers carried out, and much of the data that the attack is able to leak is similar to the data that researchers were able to extract with Spectre – that is, things like passwords in a browser, or the contents of messages you might be typing, or perhaps the contents of files before they are encrypted.
Spectre was able to look at the data in a processor’s cache to determine what kind of information had been recently discarded by the processor that it didn’t need to use. After measuring some key performance indicators, an attacker could learn something about the cache contents, and predict what those contents were with between 95-98% accuracy. Branch prediction is a feature where the CPU attempts answering complex sets of problems ahead of time so that it doesn’t have to waste time actually doing all those calculations one-by-one. The results of those calculations are stored temporarily, so it’s possible to learn about what those results were even if they were incorrect. This is where the bulk of software performance improvements have come from Intel’s side over the last decade.
BranchScope uses the same idea, attacking the branch predictor and seeing what happens when it fails, but it does an additional trick of looking at the notes the branch predictor keeps to keep track of where it’s currently headed. The branch predictor keeps a log of all the different directions that a given set of code might go into, and it records a value between 1 and 4, from “strongly prefer this direction” or “strongly discard this direction”. The CPU runs through all the branches to a certain point to determine how accurate a branch may be at ending in the right place and gives each branch a value. Maybe you did a similar thing as a child reading Choose Your Own Adventure books – you may have kept a log of which pages allowed you to skip to the next chapter, and which directions to take to end the story in the right way. Run into trouble, and you can safely mark that line of choices as a bad one, and go back to a point where you had more options.
That’s how BranchScope is able to figure out what action is likely to be taken next, and what the result was – it creates a problem for the branch predictor that forces it to give the branches a value, and looks into the log generated by the branch predictor (called the pattern history table) to figure out which direction the code went in, and what the predictor thinks is the most likely outcome. Through the power of math, computer science, and black magic, attackers are able to learn about sensitive data in the system and can extract it at will. The researchers reveal that the attack works against several vulnerable pieces of software, including an image viewer library that is freely distributed on Windows, MacOS, and Linux.
The research team notes that most people aren’t vulnerable to this type of attack, because it needs code to be executed on the target machine, perhaps with administrative privileges. It is possible to fix this in software, but it is dependent on developers to fix this in their own software (and this applies for operating system vendors as well). There are several hardware-level fixes on the table as well, which include shuffling the data around to prevent attackers from figuring out the branch direction, removing the ability to predict branches which are tagged as including sensitive code, or separating branch prediction entirely, leaving it as its own unit with separate ways of storing data.
All of these mitigations will be examined by affected vendors (Intel in particular), and hopefully we’ll see fixes land on our computers in the future.