The collaboration between researchers at Purdue University and the University of California, San Diego has led to the discovery of a new microarchitectural control-flow attack that is considered the most accurate and robust to date. Kazem Taram, an assistant professor of computer science at Purdue, said that the research involved multiple co-authors including Dean Tullsen, Hossein Yavarzadeh, Archit Agarwal and Deian Stefan of UC San Diego.
The findings were supported by various organizations such as the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, the Alfred P. Sloan Foundation and donations from Intel, Qualcomm and Cisco. This support allowed for advancements in understanding microarchitectural control flow extraction.
The researchers followed responsible disclosure practices by notifying Intel and AMD of their security findings in November 2023. Intel subsequently alerted other affected hardware/software vendors while both companies have committed to addressing the issues raised in their respective documents by issuing a Security Notice (Intel-SN) and Security Bulletin (AMD-SB-7015).
This collaborative effort underscores the importance of ethical and transparent communication when addressing cybersecurity vulnerabilities as it allows for better protection against attacks that can expose sensitive data on high-end processors.