“Pathfinder is the most accurate and powerful microarchitectural control-flow extraction attack that has been seen so far,” said Kazem Taram, an assistant professor of computer science at Purdue University and a UC San Diego computer science PhD graduate. The research involved collaboration with UC San Diego coauthors Dean Tullsen, Hosein Yavarzadeh, Archit Agarwal, and Deian Stefan. Additional coauthors included Christina Garman and Daniel Moghimi from Purdue University, Daniel Genkin from Georgia Tech, and Max Christman and Andrew Kwong from the University of North Carolina Chapel Hill.
This research was supported by various organizations, including the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, the Alfred P. Sloan Research Fellowship, and donations from Intel, Qualcomm, and Cisco. This support made possible the exploration and understanding of microarchitectural control-flow extraction.
The researchers followed responsible disclosure practices by notifying Intel and AMD of the security findings in November 2023. Intel subsequently alerted other affected hardware/software vendors of the issues. Both companies committed to addressing the concerns raised in the paper by issuing a Security Announcement (Intel) and a Security Bulletin (AMD-SB-7015), respectively. The findings were also shared with the Vulnerability Information and Coordination Environment (VINCE) under Case VU#157097, which pertains to a class of attack primitives that enable data exposure on high-end Intel CPUs. This collaborative effort highlights