[Cryptography] Speculation considered harmful?

Benjamin Kreuter brk7bx at virginia.edu
Tue Jan 9 07:51:45 EST 2018


On Mon, 2018-01-08 at 13:14 +1000, jamesd at echeque.com wrote:
> On 1/8/2018 9:38 AM, Nico Williams wrote:
> > But it would then have to reload whatever they had contained
> > before.
> > Eviction is still a side-effect.
> 
> Eviction does not need to be a very informative side effect.

The entire point of these attacks is to turn eviction into a more
informative side effect.  Basically the line that is evicted will
depend on the value of a byte you were not supposed to be able to read,
i.e. you use a value as the index in an array you can legally read.

One possible way to reduce the information revealed by evictions would
be to forbid speculative loads based on speculative results, which
would at least solve these attacks (there may be others).  To deal with
this in general you would probably need to have an entire separate
cache for speculation, with multiple such caches available to deal with
nested branches etc.

-- Ben
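
An added example, not part of the message above and not a model of any real CPU: a toy Python simulation of the two dependent loads under discussion. It compares the eviction pattern seen by an attacker who primed the cache when there is no mitigation and under the two mitigations the message suggests. The cache geometry, addresses and policy names are assumptions constructed for illustration.

```python
from enum import Enum

# Assumed geometry: 256 direct-mapped sets of 64-byte lines.
LINE, SETS = 64, 256
SECRET_ADDR = 0x10000 + 7 * LINE  # constructed address of the protected byte (set 7)
PROBE_BASE = 0x40000              # constructed base of the legally readable array

class Policy(Enum):
    BASELINE = 1            # speculative loads fill the shared cache
    NO_DEPENDENT_LOADS = 2  # a load addressed by a speculative result is not issued
    SHADOW_CACHE = 3        # speculative fills go to a buffer dropped on squash

def set_of(addr):
    """Cache set an address maps to in this toy model."""
    return (addr // LINE) % SETS

def evicted_sets(secret, policy):
    """Sets where the attacker's primed lines were evicted by a mispredicted path."""
    cache = ["attacker"] * SETS   # attacker primes every set with its own lines
    shadow = {}                   # per-speculation buffer (SHADOW_CACHE only)
    target = shadow if policy is Policy.SHADOW_CACHE else cache

    def fill(store, addr):
        store[set_of(addr)] = "victim"

    # Load 1: the address is architecturally known, the result is speculative.
    fill(target, SECRET_ADDR)
    # Load 2: the address is computed from load 1's speculative result.
    if policy is not Policy.NO_DEPENDENT_LOADS:
        fill(target, PROBE_BASE + secret * LINE)
    # Misprediction detected: registers roll back and the shadow buffer is
    # dropped, but the shared cache keeps whatever was filled into it.
    shadow.clear()
    return {s for s, owner in enumerate(cache) if owner != "attacker"}

def leaks(policy):
    """True if the eviction pattern differs between secret byte values."""
    patterns = {frozenset(evicted_sets(b, policy)) for b in range(256)}
    return len(patterns) > 1

if __name__ == "__main__":
    for p in Policy:
        print(p.name, sorted(evicted_sets(0x41, p)), "leaks" if leaks(p) else "no leak")
```

In this model the first load still evicts a line when dependent loads are forbidden, but the evicted set is the same for every secret value, so the eviction carries no information about the byte.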