[Cryptography] Speculation considered harmful?
Bill Frantz
frantz at pwpconsult.com
Tue Jan 9 18:39:19 EST 2018
On 1/9/18 at 1:36 PM, cryptography at dukhovni.org (Viktor Dukhovni) wrote:
>>On Jan 9, 2018, at 2:42 PM, Jerry Leichter <leichter at lrw.com> wrote:
>>
>>Spectre involves code within one hardware security domain gaining
>>access to information *within the same security domain*.
>
>My reading of the Spectre paper finds no such constraint.
>Concurrent execution that trips over the vulnerable "gadget"
>seems to suffice even across process boundaries. Did I miss
>some crucial text that narrows the exposure?
My reading is the same as Viktor's. Note that the Branch Target
Buffer is addressed by virtual address -- sometimes just a
truncation of a virtual address. It does not have address space
information or process ID or anything which would confine it to
one process/security domain.
To quote from the Spectre paper:

    In most cases, the attack begins with a setup phase,
    where the adversary performs operations that mistrain
    the processor so that it will later make an exploitably
    erroneous speculative prediction. In addition, the setup
    phase usually includes steps to that help induce
    speculative execution, such as performing targeted memory
    reads that cause the processor to evict from its cache a
    value that is required to determine the destination of a
    branching instruction. During the setup phase, the
    adversary can also prepare the side channel that will be
    used for extracting the victim’s information, e.g. by
    performing the flush or evict portion of a flush+reload or
    evict+reload attack.

    During the second phase, the processor speculatively
    executes instruction(s) that transfer confidential
    information from the victim context into a microarchitectural
    side channel.

Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, CA 95032
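
Added example, not part of the original message or of the Spectre paper: a toy C model of the point made above, a branch target buffer indexed by truncated virtual-address bits with no address-space tag, so an entry written in one domain is returned as the prediction in another. The table size, index function, addresses and the ASID-tagged contrast case are assumptions made for illustration, not a description of any particular CPU.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BTB_ENTRIES 256               /* assumed size, for illustration */

typedef struct { bool valid; uint16_t asid; uint64_t target; } btb_entry;
typedef struct { btb_entry e[BTB_ENTRIES]; bool tag_with_asid; } btb;

/* Index is a truncation of the branch's virtual address (bits 2..9 here). */
static unsigned btb_index(uint64_t branch_va) {
    return (unsigned)((branch_va >> 2) % BTB_ENTRIES);
}

void btb_init(btb *b, bool tag_with_asid) {
    memset(b, 0, sizeof *b);
    b->tag_with_asid = tag_with_asid; /* hypothetical contrast case */
}

/* Record the resolved target of an indirect branch executed by `asid`. */
void btb_update(btb *b, uint16_t asid, uint64_t branch_va, uint64_t target) {
    btb_entry *e = &b->e[btb_index(branch_va)];
    e->valid = true; e->asid = asid; e->target = target;
}

/* Predicted target for a branch about to execute in `asid`; 0 = none. */
uint64_t btb_predict(const btb *b, uint16_t asid, uint64_t branch_va) {
    const btb_entry *e = &b->e[btb_index(branch_va)];
    if (!e->valid) return 0;
    if (b->tag_with_asid && e->asid != asid) return 0;
    return e->target;
}

/* Domain 1 trains a branch; domain 2 then looks up a branch whose virtual
 * address differs but truncates to the same index (constructed addresses). */
uint64_t cross_domain_prediction(bool tag_with_asid) {
    btb b;
    btb_init(&b, tag_with_asid);
    btb_update(&b, 1, 0x00007f0000401230ULL, 0x0000000000666000ULL);
    return btb_predict(&b, 2, 0x0000560000001230ULL);
}

int main(void) {
    printf("untagged BTB: domain 2 predicted target %#llx\n",
           (unsigned long long)cross_domain_prediction(false));
    printf("ASID-tagged:  domain 2 predicted target %#llx\n",
           (unsigned long long)cross_domain_prediction(true));
    return 0;
}
```

In the untagged case the second domain's lookup returns the target installed by the first; with the tag compared, the lookup yields no prediction.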