Re: YASV (Yet Another Security Vulnearability)

Liste des GroupesRevenir à c arch 
Sujet : Re: YASV (Yet Another Security Vulnearability)
De : already5chosen (at) *nospam* yahoo.com (Michael S)
Groupes : comp.arch
Date : 27. Jul 2024, 19:33:09
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <20240727213309.0000773e@yahoo.com>
References : 1 2 3 4
User-Agent : Claws Mail 4.1.1 (GTK 3.24.34; x86_64-w64-mingw32)
On Fri, 26 Jul 2024 16:17:50 GMT
anton@mips.complang.tuwien.ac.at (Anton Ertl) wrote:

EricP <ThatWouldBeTelling@thevillage.com> writes:
One thing they mention is Intel and AMD incorporating privilege level
tagging into the BTB, as I suggested when this all started.
Combine that with purging the user mode entries from the predictor
tables on thread switch and I would think that would shut this all
down. 
 
1) The attacker can still attack the context (even if the notion of
   context includes the privilege level) from within itself.  E.g.,
   the kernel can be attacked by training the kernel-level branch
   prediction by performing appropriate system calls, and then
   performing a system call that reveals data through a
   mis-speculation side channel.  IIRC such Spectre attacks have
   already been demonstrated years ago.
 
2) Users are supposedly not prepared to pay the cost of invisible
   speculation (-5-20%, depending on which paper you read) , are they
   prepared to pay the cost of purging the user-mode entries of branch
   predictors on thread switches?
  
   My guess is that the stuff plays out as usual: The hardware
   manufacturers don't want to implement a proper fix like invisible
   speculation, and they suggest software mitigations like purging
   user-mode entries on thread switch.  The software people then
   usually consider the mitigation too expensive in performance or in
   development effort, so only a miniscule amount of software contains
   Spectre mitigations.
 
- anton

That's how it should be.
Not really attacks -> not really mitigations.
I am not willing to pay even 0.001% in performance to mitigate
non-threats. And as far as I am concerned, anything that requires
running arbitrary binary code on my computer, even on least privileged
account, is a non-threat.





Date Sujet#  Auteur
24 Jul 24 * YASV (Yet Another Security Vulnearability)15Thomas Koenig
25 Jul 24 +* Re: YASV (Yet Another Security Vulnearability)2MitchAlsup1
4 Aug 24 i`- Re: YASV (Yet Another Security Vulnearability)1Bozo User
25 Jul 24 +* Re: YASV (Yet Another Security Vulnearability)11Michael S
26 Jul 24 i`* Re: YASV (Yet Another Security Vulnearability)10Anton Ertl
26 Jul 24 i +* Re: YASV (Yet Another Security Vulnearability)5MitchAlsup1
27 Jul 24 i i+* Re: YASV (Yet Another Security Vulnearability)2MitchAlsup1
30 Jul 24 i ii`- Re: YASV (Yet Another Security Vulnearability)1MitchAlsup1
31 Jul 24 i i`* Re: YASV (Yet Another Security Vulnearability)2Paul A. Clayton
1 Aug 24 i i `- Re: YASV (Yet Another Security Vulnearability)1Paul A. Clayton
27 Jul 24 i +- Re: YASV (Yet Another Security Vulnearability)1Michael S
29 Jul 24 i `* Re: YASV (Yet Another Security Vulnearability)3Anton Ertl
29 Jul 24 i  +- Re: YASV (Yet Another Security Vulnearability)1MitchAlsup1
31 Jul 24 i  `- Re: YASV (Yet Another Security Vulnearability)1MitchAlsup1
25 Jul 24 `- Re: YASV (Yet Another Security Vulnearability)1Anton Ertl

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal