Subj : Re: Timing side channels
To : comp.programming.threads
From : David Schwartz
Date : Wed Sep 21 2005 12:57 pm

"David Hopwood" wrote in message
news:18dYe.4052$lB4.166@fe3.news.blueyonder.co.uk...

>> If they rely upon isolation that's not guaranteed, they get what they
>> deserve.

> Not really:
> - at the time the software was written, no implementation of x86 (or
>   other platforms) used caches shared between processes executing in
>   parallel.

Right, but such isolation was not *guaranteed*.

> So it is just as reasonable to attribute the cause of the problem to
> {HT with shared caches} breaking an implicit security requirement, as
> to the software relying on isolation that was not guaranteed.

No. It should be well understood that future hardware and future operating systems may not be able to make things that "just happened to work" in the past continue to work. That's why you should only rely on things that are guaranteed. You can blame the hardware or the OS if and only if it breaks a guarantee.

> - the software in question cannot do anything about caches being
>   shared between mutually untrusting processes. Only the operating
>   system can fix that. The software can try, to some extent, to
>   reduce the amount of information leaked via the cache, but it
>   is impossible to eliminate this leakage entirely.

Then the software is insecure by design.

DS