BlindSide won this year’s Pwnie award in the most innovative research category. BlindSide is a result of a multi-year collaboration between researchers from Stevens Institute of Technology, Vrije Universiteit Amsterdam and ETH Zurich (COMSEC).
Assume that drug A cures disease A and drug B cures diseases B. If a person has both diseases A and B, then a combination of drug A and drug B should cure the person, right?! Unfortunately not always. Disease A, for example, could have an adverse effect on drug B, making it ineffective against disease B.
Systems security works somewhat in the same way! To make life tractable, we are used to think of threat models in isolation. If we have software vulnerabilities, we can deploy mitigations against these software vulnerabilities. If we have hardware vulnerabilities, we can similarly deploy mitigations against these hardware vulnerabilities. Unfortunately similar to diseases and drugs, BlindSide shows that these vulnerabilities and mitigations can interact with each other in unfortunate ways and life cannot be that simple.
More specifically, BlindSide shows that given the Spectre vulnerability (present in all major CPUs), a single software vulnerability is enough to bypass mitigations against software and hardware vulnerabilities inside the Linux kernel. The software vulnerability can be abused to bypass deployed mitigations against Spectre. Spectre can in turn be used to bypass software mitigations such as randomization by speculatively probing in the address space to leak sensitive information and compromise the system.