[Cryptography] Speculation considered harmful?

Jerry Leichter leichter at lrw.com
Tue Jan 9 21:44:52 EST 2018


> On Jan 9, 2018, at 4:36 PM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
> 
> 
> 
>> On Jan 9, 2018, at 2:42 PM, Jerry Leichter <leichter at lrw.com> wrote:
>> 
>> Spectre involves code within one hardware security domain gaining access to information *within the same security domain*.
> 
> My reading of the Spectre paper finds no such constraint.
> Concurrent execution that trips over the vulnerable "gadget"
> seems to suffice even across process boundaries.  Did I miss
> some crucial text that narrows the exposure?

Cross-process attacks could be fixed at the hardware (or OS) level by, for example, flushing the branch history on process switch.  (There's no direct hardware support for this right now so OS's are getting the same effect by executing a bunch of chosen branches - which do nothing directly useful - during process switch.)  Since process switches are relatively infrequent, the extra cost - even with the current hack-arounds - should be acceptable.

In-process mitigation uses the same ideas with the compiler generating the extra branches.  On its face, this is much more expensive because it's in the code that the process normally runs - likely frequently.  But there seem to be clever ways to accomplish it that have relatively small overhead.  The hardware, though - beyond providing direct ways to flush the branch buffers and such - can't help much here.

                                                        -- Jerry
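
Added example, not part of the original message: a defender-side check that reads Linux's Spectre v2 status line and reports separately whether a cross-process control (a branch predictor flush on context switch) and an in-process control (compiler-generated retpolines) are active. The sysfs path and the token names "retpoline" and "IBPB" are assumptions taken from the Linux kernel's reporting, not from this thread, and the sample strings are constructed.

```python
import re
from pathlib import Path

# Assumption: Linux 4.15+ reports Spectre v2 mitigation status in this file.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")

# Constructed status lines in the style the kernel prints (not captured from a host).
SAMPLE_STATUS = {
    "retpoline+ibpb": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling",
    "newer-format": "Mitigation: Retpolines; IBPB: always-on; STIBP: disabled; RSB filling",
    "no-ibpb": "Mitigation: Full generic retpoline, IBPB: disabled",
    "unmitigated": "Vulnerable",
    "immune": "Not affected",
}

def classify(status):
    """Split one status line into the two mitigation classes discussed above."""
    # Older kernels separate fields with commas, newer ones with semicolons.
    tokens = [t.strip() for t in re.split(r"[;,]", status.strip()) if t.strip()]
    primary = tokens[0] if tokens else ""
    ibpb = None
    for tok in tokens[1:]:
        name, sep, value = tok.partition(":")
        if sep and name.strip().upper() == "IBPB":
            ibpb = value.strip().lower()
    mitigated = primary.lower().startswith("mitigation:")
    return {
        "affected": primary.lower() != "not affected",
        "primary": primary,
        # In-process: indirect branches compiled as retpolines.
        "in_process": mitigated and "retpoline" in primary.lower(),
        # Cross-process: predictor barrier issued when switching tasks.
        "cross_process": ibpb in ("conditional", "always-on"),
        "ibpb_mode": ibpb,
    }

def read_status(path=SYSFS):
    """Return the live status line, or None where the file does not exist."""
    try:
        return path.read_text()
    except OSError:
        return None

if __name__ == "__main__":
    live = read_status()
    lines = {"this host": live} if live else SAMPLE_STATUS
    for label, line in lines.items():
        print(label, classify(line))
```
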
