The research by Kazem Taram and his team at Purdue University and UC San Diego has led to the creation of the most accurate and powerful microarchitectural control-flow extraction attack to date. The research, which involved collaboration with UC San Diego coauthors Dean Tullsen, Hosein Yavarzadeh, Archit Agarwal, and Deian Stefan, was supported by various organizations including the Air Force Office of Scientific Research, the Defense Advanced Research Projects Agency, the National Science Foundation, the Alfred P. Sloan Research Fellowship, and donations from Intel, Qualcomm, and Cisco.
The researchers followed responsible disclosure practices by notifying Intel and AMD of their security findings in November 2023. Both companies took action to address the concerns raised in the paper by issuing a Security Announcement (Intel) and a Security Bulletin (AMD-SB-7015). The findings were also shared with the Vulnerability Information and Coordination Environment (VINCE) under Case VU#157097. This collaborative effort highlights the importance of ethical and transparent communication in addressing cybersecurity vulnerabilities.
