“Pathfinder, developed by Kazem Taram, an assistant professor of computer science at Purdue University and a UC San Diego computer science PhD graduate, is a powerful microarchitectural control-flow extraction attack that can reveal the outcome of almost any branch in almost any victim program. This makes it one of the most precise and powerful attacks of its kind.”
UC San Diego coauthors of this work include Dean Tullsen, Hosein Yavarzadeh, Archit Agarwal, and Deian Stefan. Other coauthors include researchers from Purdue University, Google, Georgia Tech, and the University of North Carolina Chapel Hill.
Funding for this research was provided by various sources, including the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, the Alfred P. Sloan Research Fellowship, and gifts from Intel, Qualcomm, and Cisco.
The security findings of this research were disclosed to both Intel and AMD in November 2023. Intel has informed other affected hardware/software vendors about the issues identified. Both Intel and AMD have plans to address the concerns raised in the research through Security Announcements and Bulletins. The findings have also been shared with the Vulnerability Information and Coordination Environment, with a specific reference to the Class of Attack Primitives Enable Data Exposure on High End Intel CPUs.