[Cryptography] Speculation re Intel HW cockup; reqs. OS rewrites & slow execution
Nico Williams
nico at cryptonector.com
Fri Jan 5 11:50:38 EST 2018
On Thu, Jan 04, 2018 at 08:38:27PM -0800, Bill Frantz wrote:
> On 1/4/18 at 5:06 PM, nico at cryptonector.com (Nico Williams) wrote:
> >Speculative execution is necessarily side-effect-having by its potential
> >cache thrashing impact and ability to be impacted by cache thrashing.
> >This necessarily creates side-channels. It seems unavoidable except by
> >having sandboxed caches, but that's probably not an option for many
> >reasons (including power consumption).
>
> I can imagine speculative execution which does not proceed if the needed
> data is not already in the cache. If the caching is working as advertised,
> this will have a small effect on overall performance. (MOst of the data
> needed is already in the cache.) It will defeat the attacks which use cache
> presence or absence as a signaling path.
Fair enough, though this is basically "slow things down".
Also, speculation would have to be limited to accessing cache lines in
L1, since accessing cache lines in L2/L3 would evict a cache line from
L1, which in turn would be visible via timing.
More information about the cryptography
mailing list