[Cryptography] Other obvious issues being ignored?

Bill Frantz frantz at pwpconsult.com
Wed Oct 21 10:26:29 EDT 2015


On 10/20/15 at 8:40 PM, leichter at lrw.com (Jerry Leichter) wrote:

>I wonder how the NSA writes its security-related code?

Assembler is your friend.

With fewer hardware architectures now than in the past, it is 
actually practical to write separate assembler routines for each 
architecture to perform simple tasks like clearing sensitive data.

With RISC architectures it is probably impossible to write code 
which keeps sensitive data out of registers and therefore out of 
kernel memory on task switch. Is it possible on the X86 
architecture? In any case, assembler will offer higher assurance 
of what the code actually does than any compiled language.

The key here is to keep the assembler code simple enough that 
you can get reasonable assurance of correctness. Saying 
assurance of correctness is, of course, opening a can of worms. 
The proof people argue that proof is good enough. People like me 
disagree, but do think proofs are useful because they provide 
another way of looking at code. For some attacks, like the Linux 
"if ((userno = 0)) ..." attack, which was almost committed to 
the source tree, assembler may actually be easier to check.

I will note that there have been systems which automatically 
checked machine code for certain characteristics. The one I have 
heard of permitted untrusted code to run in an operating system 
kernel. It checked for termination by assuring there were no 
backward branches, and for safety by assuring there were no 
stores. (The result was returned in a register.) These are 
severe limitations on coding style, but still permitted the 
untrusted code to do useful things.

This experience shows that you don't have to accept every 
program which is actually safe, that you can impose some fairly 
severe limitations on coding style, you can still do useful 
work, and you can get significant assurance advantages.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"Web security is like medicine - trying to do good for
408-356-8506       |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
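The "clearing sensitive data" routine the post has in mind, as an added example that is not part of the original message and not Bill Frantz's code. It shows why a plain memset() is not enough (a store to a buffer that is never read again is a dead store the optimizer may delete) and two ways to keep the wipe: a per-architecture assembler routine (here x86-64 `rep stosb` under GCC/Clang inline asm, the route the post recommends) with a portable volatile-store fallback for other targets. The function names, the 0xAA fill pattern and the 64-byte buffer are assumptions made for this example.

```c
/*
 * Added example (not from the original post): wiping sensitive data so
 * the compiler cannot elide the wipe. Function names are invented here.
 * Assumes GCC or Clang; the assembler path is taken only on x86-64.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe: correct in the abstract machine, but when `buf` is dead
 * afterwards the optimizer is allowed to remove this call entirely. */
static void naive_wipe(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Wipe that survives optimization. */
static void secure_wipe(void *buf, size_t len)
{
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
    /* x86-64: `rep stosb` stores AL into [RDI], RCX times. The asm is
     * volatile and declares a memory clobber, so the compiler neither
     * drops it nor moves later code ahead of it. The SysV ABI guarantees
     * the direction flag is clear, so the store runs forward. */
    __asm__ __volatile__("rep stosb"
                         : "+D"(buf), "+c"(len)
                         : "a"(0)
                         : "memory");
#else
    /* Portable fallback: stores through a volatile pointer may not be
     * elided, and the empty asm with a memory clobber keeps them from
     * being reordered past the end of the function. */
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" ::: "memory");
#endif
#endif
}

/* Returns 1 if every byte of buf[0..len) is zero, else 0. */
static int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Self-check for the wipe routine: fill a 64-byte buffer with 0xAA,
 * wipe the first wipe_len bytes, and return 1 only if exactly those
 * bytes are zero and the rest are untouched (an assembler routine that
 * overruns or stops short is the bug this catches). Returns 0 for a
 * wipe_len larger than the buffer. */
static int check_wipe(size_t wipe_len)
{
    unsigned char buf[64];
    if (wipe_len > sizeof buf)
        return 0;
    memset(buf, 0xAA, sizeof buf);
    secure_wipe(buf, wipe_len);
    if (!is_all_zero(buf, wipe_len))
        return 0;
    for (size_t i = wipe_len; i < sizeof buf; i++)
        if (buf[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed key material for the demonstration. */
    unsigned char key[32] = "example-key-material-0123456789";
    naive_wipe(key, sizeof key);   /* may be optimized away */
    secure_wipe(key, sizeof key);  /* is not */
    printf("key zeroed: %s\n", is_all_zero(key, sizeof key) ? "yes" : "no");
    printf("wipe 0/8/64/65 bytes: %d %d %d %d\n",
           check_wipe(0), check_wipe(8), check_wipe(64), check_wipe(65));
    return 0;
}
```

Whether naive_wipe() is actually removed depends on the compiler and optimization level; the point is that nothing forbids it, whereas the volatile asm (or volatile stores plus barrier) is something the compiler must emit. The check_wipe() self-test is the kind of small, mechanical assurance the post argues for: a short routine whose bounds behaviour can be verified directly.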