The Indirector attack discovered by University of California San Diego researchers focuses on the indirect branch predictor of a CPU.

Five years after the Spectre and Meltdown CPU attacks rocked the computer industry, researchers are still finding new techniques that exploit low-level processor features to break security boundaries in operating systems and leak protected data across different processes and privilege levels. The latest variation, dubbed Indirector, was revealed in a recently published academic paper that will be presented at the USENIX Security Symposium in August.

The techniques devised by University of California San Diego researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen exploit the indirect branch predictor (IBP) and the branch target buffer (BTB) in high-end Intel CPUs (Raptor Lake and Alder Lake).

“Leveraging insights from reverse engineering efforts, this research develops highly precise branch target injection (BTI) attacks to breach security boundaries across diverse scenarios, including cross-process and cross-privilege scenarios and uses the IBP and the BTB to break Address Space Layout Randomization (ASLR),” the researchers said on a website dedicated to their research.

What are branch target injection and speculative execution?

Branch target injection (BTI) is the technical name for Spectre v2, one of the initial transient execution vulnerabilities disclosed in January 2018 that kicked off several years of CPU microcode security research. These attacks exploit a performance optimization feature of modern CPUs known as speculative execution in order to leak sensitive data temporarily stored in the CPU’s caches, which also makes them side-channel attacks.

Speculative execution involves the CPU’s microcode using special prediction algorithms to guess the path that a program’s execution will take when it reaches an upcoming conditional branch in the program’s code.
The goal is to execute instructions down the predicted path in advance and temporarily store the results in CPU caches so they can be served instantly when the program’s execution flow needs them. If the prediction proves incorrect, the results are discarded.

Researchers determined that they could use multiple techniques to influence this mechanism so that specific branches from other processes, even in different privilege domains, get executed speculatively, leaking sensitive data that shouldn’t normally be available to the process they control. For example, the isolation between kernel memory space and user space applications is critical to the security of modern operating systems, and vulnerabilities like these can break it.

What is the Indirector attack?

The Spectre attack, or BTI, has had multiple variations found over the years, and Intel and other CPU vendors have responded by implementing new microcode mechanisms that can be used to mitigate these attack techniques. However, these features are not perfect: leveraging them to their full potential in software or at the OS level can carry a serious performance overhead that is unacceptable for some workloads.

Prior security research has primarily focused on exploiting the branch target buffer (BTB) and return stack buffer (RSB), two components of the CPU’s branch predictor. The Indirector attack, however, focuses on a third component called the indirect branch predictor (IBP), which computes the target address of indirect branches.

“Indirect branches are control flow instructions whose target address is computed at runtime, making them challenging to predict accurately,” the UCSD researchers wrote. “The IBP uses a combination of global history and branch address to predict the target address of indirect branches.
By analyzing the structure and operation of the IBP, we identify vulnerabilities that can be exploited to launch precise branch target injection (BTI) attacks.”

The researchers reverse-engineered the IBP mechanism in high-end Intel CPUs and then devised a tool called the iBranch Locator that can identify where a target process’ indirect branch is located in the IBP set. This allowed them to develop two attacks that can accurately inject arbitrary target addresses into either the IBP or the BTB.

How to protect against Indirector

The researchers notified Intel of their research in February, and the company has also notified other hardware and software vendors. Intel had already introduced a mitigation for Spectre-like attacks in 2018 called the indirect branch predictor barrier (IBPB). While this can in theory be used to mitigate the new Indirector attack techniques, it would have to be used more aggressively than it currently is in practice.

“The default policy in the latest Linux version, termed IBPB: conditional, only activates IBPB during transitions to SECCOMP mode or tasks with restricted indirect branches in the kernel,” the researchers said. “Consequently, IBPB activation is infrequent in both user and kernel spaces due to the significant performance overhead (up to 50%). It is not a viable mitigation for frequent domain crossings (browsers, sandboxes, and even kernel/user) — plus the fact that the OS does not use it in the most frequent domain transitions by default.”

Intel has also made changes to the branch prediction unit (BPU) design in new CPUs that aim to prevent indirect branch attacks between different privilege levels and different CPU cores by adding new fields such as core ID and privilege level. However, the researchers note that potential attack surfaces within same-core and same-privilege scenarios still remain, and they suggest even more fine-grained isolation in future designs.
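The “IBPB: conditional” default the researchers describe is visible on a Linux host in the kernel’s Spectre v2 status file. The following script is an added example (not from the article or the UCSD researchers) that reads that file and classifies the IBPB policy so an administrator can tell whether the conditional default is in effect; it assumes the standard sysfs path and the status strings the kernel emits (always-on, conditional, disabled), and falls back to a constructed sample line when sysfs is not available.

```shell
#!/bin/sh
# Added example: report the IBPB policy the Linux kernel applies for Spectre v2
# (the "IBPB: conditional" default discussed in the article). Assumes the
# standard sysfs path below; on non-Linux hosts a constructed sample is used.

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_ibpb STATUS_LINE -> prints one of:
#   always-on | conditional | disabled | unsupported | vulnerable
classify_ibpb() {
    case "$1" in
        Vulnerable*)            echo vulnerable ;;
        *"IBPB: always-on"*)    echo always-on ;;
        *"IBPB: conditional"*)  echo conditional ;;
        *"IBPB: disabled"*)     echo disabled ;;
        *)                      echo unsupported ;;
    esac
}

# advice CLASS -> short defender-facing interpretation of the policy
advice() {
    case "$1" in
        always-on)   echo "IBPB issued on every context switch (highest overhead)" ;;
        conditional) echo "IBPB only for SECCOMP/prctl-restricted tasks; cross-process BTI exposure remains" ;;
        disabled)    echo "IBPB off; review the spectre_v2_user= boot parameter" ;;
        unsupported) echo "kernel reports no IBPB state; CPU or microcode may lack support" ;;
        vulnerable)  echo "no Spectre v2 mitigation active" ;;
    esac
}

# check_host -> prints the raw status line, then "<class>: <advice>"
check_host() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        status=$(cat "$SPECTRE_V2_FILE")
    else
        # Constructed sample line (what a Raptor Lake host with defaults might show)
        status="Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"
    fi
    cls=$(classify_ibpb "$status")
    printf '%s\n%s: %s\n' "$status" "$cls" "$(advice "$cls")"
}

check_host
```

A host reporting `conditional` is running the default the researchers criticise; forcing IBPB on every switch (for example via the documented `spectre_v2_user=on` boot parameter) trades the performance overhead they quote for broader protection.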
More by Lucian Constantin