undefined | Better HN

0 pointsmikewarot5y ago0 comments

The fix is simple, don't allow access to clocks or timing information in anything other than the microkernel that runs the OS.

0 comments

6 comments · 2 top-level

jeffbee5y ago· 3 in thread

That would break so many things.

mikewarotOP5y ago

Proper multi-level security doesn't allow access to the clock in anything other than the top level. You could just have a monotonically counter that is periodically synced to reality every minute or two.

jeffbee5y ago

I must be misunderstanding what you are suggesting, since what it seems like you are suggesting would never work. High-resolution timing information is available to user applications via numerous APIs today. Hyrum's Law, and common sense, tell us we can't just lose this feature of operating systems and expect applications to work.

titzer5y ago

You can construct a high resolution timer from shared mutable memory and multiple threads. It's simple. One thread increments a counter, and the other thread reads it.

xucheng5y ago· 1 in thread

You don't need OS to build a very precise clock for the purpose of exploiting timing attack. That's why SharedArrayBuffer[1] is disabled in all browsers.

Moreover, not every side channel attack relies on timing attack.

For interested readers, there is a paper titled "Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript", which discussed a variety of ways to build high resolution clocks.

[1]: https://security.stackexchange.com/questions/177033/how-can-...

titzer5y ago

SharedArrayBuffer is not disabled in all browsers. It was briefly disabled at disclosure time of the first Spectre vulnerabilities, but as browsers moved to site isolation (one process per origin), they have reenabled it.

j / k navigate · click thread line to collapse

0 comments

6 comments · 2 top-level

jeffbee5y ago· 3 in thread

That would break so many things.

mikewarotOP5y ago

Proper multi-level security doesn't allow access to the clock in anything other than the top level. You could just have a monotonically counter that is periodically synced to reality every minute or two.

jeffbee5y ago

I must be misunderstanding what you are suggesting, since what it seems like you are suggesting would never work. High-resolution timing information is available to user applications via numerous APIs today. Hyrum's Law, and common sense, tell us we can't just lose this feature of operating systems and expect applications to work.

titzer5y ago

You can construct a high resolution timer from shared mutable memory and multiple threads. It's simple. One thread increments a counter, and the other thread reads it.

xucheng5y ago· 1 in thread

You don't need OS to build a very precise clock for the purpose of exploiting timing attack. That's why SharedArrayBuffer[1] is disabled in all browsers.

Moreover, not every side channel attack relies on timing attack.

For interested readers, there is a paper titled "Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript", which discussed a variety of ways to build high resolution clocks.

[1]: https://security.stackexchange.com/questions/177033/how-can-...

titzer5y ago

SharedArrayBuffer is not disabled in all browsers. It was briefly disabled at disclosure time of the first Spectre vulnerabilities, but as browsers moved to site isolation (one process per origin), they have reenabled it.

j / k navigate · click thread line to collapse