Researchers Working Toward Processor-Specific Attacks

2010-11-10T17:35:17
ID THREATPOST:A6CB865028E8F3BAED784B3BAFD7A116
Type threatpost
Reporter Paul Roberts
Modified 2013-04-17T16:35:43

Description

Processor bugThe last two decades have been a cake walk for malware authors. More than nine-tenths of the world’s computers run some variation of the same operating system – Microsoft’s Windows. A similarly sized super-majority use an array of applications from the same vendor: Microsoft Office, the Internet Explorer Web browser and Outlook e-mail client. As a result, writing malicious code that had a good chance of finding a vulnerable target system has been a trivial matter.

Alas, the next twenty years aren’t likely to be as straightforward. The Windows market share is slipping – albeit slowly – as rivals like Mac and Linux gain adherents and, especially, as users shift from desktop PCs to mobile devices running Apple’s iOS, Google’s Android, RIM’s Blackberry, and so on. Similar declines are being recorded in the market share of Office, IE and other Microsoft mainstays.

With the disappearance of an OS monoculture, attackers would do well to find attacks that are neither OS or application specific. One way to do that, of course, is to target attacks at hardware, rather than software. Now research out of Frances Ecole Superiore d’Informatique, Electronique, Automatique (ESIEA) moves a step closer to that goal: identifying a method for isolating the processor used by anonymous systems for the purpose of subverting that hardware.

A post on the blog of MIT’s Technology Review, notes this recent paper by Anthony Desnos, Robert Erra and Eric Filiol of ESIEA. The research tackles a foundational problem for anyone looking to target attacks at processors: figuring out which processor a particular system is using. To do this, the authors devised a method of using Floating Point Arithmetic to fingerprint specific processors by identifying the limitations of those processors and the ways that they have been programmed to manage those limitations.

Noting the now infamous case of the floating point bug in Pentium processors, the researchers generalize that each processor and family of processors betrays its identity through the algorithms it uses to perform basic calculation functions, including floating point arithmetic.

By observing the output of a variety of processors to a set of mathematical tests, the researchers were able to consistently identify subclasses of processors, including those by Intel, AMD, etc.

The researchers claim to be working on a tool, dubbed Proc_Scope that will use specific numerical expressions to identify the processor type, and to be working on an algorithm that can help identify a specific processor.