Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
ASUS GeForce RTX 3080 Noctua OC review
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review
MSI Radeon RX 6950 XT Gaming X TRIO review

New Downloads
AIDA64 Download Version 6.70
FurMark Download v1.30
Display Driver Uninstaller Download version 18.0.5.1
Download Samsung Magician v7.1.1.820
Intel ARC graphics Driver Download Version: 30.0.101.1732
HWiNFO Download v7.24
GeForce 512.77 WHQL driver download
Intel HD graphics Driver Download Version: 30.0.101.1960
AMD Radeon Software Adrenalin 22.5.1 WHQL driver download
3DMark Download v2.22.7359 + Time Spy


New Forum Topics
Gigabyte Project Stealth Hides All Cables Inside Chassis AMD is developing Smart Access Storage to enable speedier game loading. Nvidia shows signs ... Extreme 4-Way Sli Tuning AMD Radeon Software Adrenalin 22.5.2 WHQL driver download and discussion 5900x or 5800x3D? Review: ASUS GeForce RTX 3080 Noctua OC AMD FidelityFX Super Resolution 2.0 - Deathloop preview AMD Software Preview Driver May 2022 driver download and discussion Are we ever going to get a new NVIDIA CONTROL PANEL ???




Guru3D.com » News » Researchers Discover new Intel processor Vulnerability - the BranchScope Attack

Researchers Discover new Intel processor Vulnerability - the BranchScope Attack

by Hilbert Hagedoorn on: 03/28/2018 01:58 PM | source: | 48 comment(s)
Researchers Discover new Intel processor Vulnerability - the BranchScope Attack

A new Vulnerability has been discovered on Intel processors by researchers. The security attack uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.

The new attack, called BranchScope, has been identified and demonstrated by a team of researchers from the College of William & Mary, University of California Riverside, Carnegie Mellon University in Qatar, and Binghamton University, reports securityweek:

Similar to Meltdown and Spectre, BranchScope can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code. Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, “on par with other side-channel attacks.” The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures. Experts showed that the attack works even if the targeted application is running inside of an Intel SGX enclave. Intel SGX, or Software Guard Extensions, is a hardware-based isolated execution system designed to prevent code and data from getting leaked or modified. BranchScope is similar to Spectre as they both target the directional branch predictors. Branch prediction units (BPUs) are used to improve the performance of pipelined processors by guessing the execution path of branch instructions. The problem is that when two processes are executed on the same physical CPU core, they share a BPU, potentially allowing a malicious process to manipulate the direction of a branch instruction executed by the targeted application.

 

 

The BPU has two main  components – a branch target buffer (BTB) and a directional predictor – and manipulating either one of them can be used to obtain potentially sensitive data from the memory. Intel recently published a video providing a high level explanation of how these attacks work. Researchers showed on several occasions in the past how BTB manipulation can be used for attacks, but BranchScope involves manipulation of branch predictors. “BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit,” the researchers explained in their paper.

The researchers who identified the BranchScope attack method have proposed a series of countermeasures that include both software- and hardware-based solutions. Dmitry Evtyushkin, one of the people involved in this research, told SecurityWeek that while they have not been tested, the microcode updates released by Intel in response to Meltdown and Spectre might only fix the BTB vector, which means BranchScope attacks could still be possible. However, Intel told the researchers that software guidance for mitigating Spectre Variant 1 could be effective against BranchScope attacks as well. “We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits,” Intel said in an emailed statement. “We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.”

BranchScope is not the only CPU side-channel attack method uncovered following the disclosure of Meltdown and Spectre. One of them, dubbed SgxPectre, shows how Spectre can be leveraged to defeat SGX.

Researchers have also demonstrated new variants of the Meltdown and Spectre attacks, which they have named MeltdownPrime and SpectrePrime.

Intel has released the following statement:

 We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers.



Researchers Discover new Intel processor Vulnerability - the BranchScope Attack




« Guru3D PC Buyers Guide Spring Edition 2018 · Researchers Discover new Intel processor Vulnerability - the BranchScope Attack · ASRock Phantom Gaming Graphics Cards Leak - Includes Entire RX 500 line »

Related Stories

Intel processors will get hardware fix for Spectre and Meltdown this year - 01/26/2018 09:58 AM
In a discussion on its Earnings Call, Intel mentions it will release processors that are not susceptible to the Spectre and Meltdown vulnerabilities. The news reaches us today through Intel director...

New Hardware Vulnerability Found in Intel Processors - 01/03/2018 09:04 AM
The details are still very scarce, but a new and potentially huge vulnerability was discovered with pretty much all Intel processors. The good news, it can be fixed, the bad news is that certain workl...

9th Generation Intel Processors Will Get Octa Core i7 - 11/27/2017 05:34 PM
In what is a pretty difficult to translate article, Asia based HKEPC claims to have spoken with motherboard manufacturers, and discovered that Intel's upcoming 9th generation processors will again se...

Cashback action for motherboards and Intel procs at Gigabyte - 10/17/2017 03:35 PM
Gigabyte announced a new cashback campaign that actually might be worthwhile looking into. When purchasing a selected Z270 motherboard, users can get a maximum of 85 Euro return, depending on the com...

Corsair is ready for 7th Generation Intel Products - 01/03/2017 04:19 PM
Corsair announced its readiness for the new 7th Generation Intel Core processors and Intel 200 series motherboards, paving the way for a new generation of performance PCs. ...


10 pages « 3 4 5 6 > »


RealNC
Senior Member



Posts: 3669
Joined: 2011-11-24

#5532838 Posted on: 03/28/2018 10:53 PM
Screw this. I don't know about you, but I think it's time to go back to this:



rl66
Senior Member



Posts: 3372
Joined: 2007-05-31

#5532843 Posted on: 03/28/2018 10:58 PM
Screw this. I don't know about you, but I think it's time to go back to this:


it was quite good performance and lot of fun :)

RealNC
Senior Member



Posts: 3669
Joined: 2011-11-24

#5532847 Posted on: 03/28/2018 11:11 PM
it was quite good performance and lot of fun :)

What do you mean "was?" :)

tsunami231
Senior Member



Posts: 12786
Joined: 2003-05-24

#5532865 Posted on: 03/29/2018 12:10 AM
What do you mean "was?" :)


Which was? the fun or good performance?, I got alot fond memory about my old 286 8mhz ibm, if that thing still worked i would throw in my original king quest 1~4 and Space quest games I still have discs for and play em, even joe montana football, Budokan, Mechwarrior etc, game that were games all about the gameplay

blazngun
Member



Posts: 23
Joined: 2017-11-24

#5532885 Posted on: 03/29/2018 01:54 AM
You are spot on about gameplay tsunami. I have been saying for years that a good game can "look like crap" but still be awesome fun. Vast majority of new games look pretty but "are crap". It doesnt matter if its flashy and polished if its crap to play.

10 pages « 3 4 5 6 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022