Subject: Re: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)
To: None <tech-security@NetBSD.org>
From: SODA Noriyuki <email@example.com>
Date: 07/01/2005 18:49:48
>>>>> On Thu, 30 Jun 2005 18:12:17 -0400,
NetBSD Security-Officer <security-officer@NetBSD.org> said:
> NetBSD Security Advisory 2005-001
> Topic: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)
> Later potential workarounds:
> 1. Reimplement all cryptographic code to use constant time, and constant
> cache-access execution patterns. There is some interest along these
> lines from various groups, as a result of this issue. NetBSD's Security
> Officers will monitor the availability of such code.
Isn't this vulnerability caused by the fact that the spying process and the spied-on
process are sharing the cache for cryptographic processing?
If so, how about moving such sensitive code to a private memory space
(e.g. allocate anonymous memory for each process, copy the code to the
anonymous memory, and make the memory read-only and executable) to
prevent sharing the cache?
This wastes some amount of memory, but I think such sensitive code
is not so large, so I guess it's acceptable.
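As an added illustration of the advisory's workaround 1 (this is example code, not from the advisory, from NetBSD, or from the post above), here is a constructed table lookup in C in its secret-index-dependent form beside a constant-cache-access form that reads every entry and selects the wanted one with an arithmetic mask; the table is a constructed stand-in for a cipher S-box, not a real cipher constant.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table: a 256-entry permutation standing in for an
 * S-box. It is NOT a real cipher table, just something to look up in. */
#define TABLE_SIZE 256
static uint8_t sbox[TABLE_SIZE];

void init_sbox(void)
{
    /* (i*7 + 3) mod 256 is a bijection on 0..255 because 7 is odd */
    for (int i = 0; i < TABLE_SIZE; i++)
        sbox[i] = (uint8_t)((i * 7 + 3) & 0xff);
}

/* Leaky form: touches exactly one cache line chosen by the secret, so a
 * sibling hyperthread sharing the cache can observe which line was used. */
uint8_t lookup_secret_dependent(uint8_t secret_index)
{
    return sbox[secret_index];
}

/* Constant-access form: reads every entry regardless of the secret and
 * keeps the wanted one with a branch-free mask, so the cache footprint is
 * identical for every secret value. Slower, which is the cost of
 * workaround 1. Check the generated assembly: a compiler may still turn
 * the mask into a branch, which would reintroduce a timing difference. */
uint8_t lookup_constant_access(uint8_t secret_index)
{
    uint8_t result = 0;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = i ^ (uint32_t)secret_index;      /* zero only on match */
        uint8_t mask = (uint8_t)(0u - ((diff - 1u) >> 31)); /* 0xff on match, else 0 */
        result |= sbox[i] & mask;
    }
    return result;
}

/* Returns 1 when both forms agree on every possible index, else 0. */
int constant_access_matches_direct(void)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (lookup_constant_access((uint8_t)i) != lookup_secret_dependent((uint8_t)i))
            return 0;
    return 1;
}

int main(void)
{
    init_sbox();
    printf("forms agree on all indices: %d\n", constant_access_matches_direct());
    return 0;
}
```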