[DGD] Spectre and speculative execution

Raymond Jennings shentino at gmail.com
Tue Jan 9 23:20:26 CET 2018


I'm glad you posted about this by the way.  For my part I'm just
stewing at Intel for hiding this from disclosure, along with further
details that would be a bit off topic for this list.

I'm guessing that the whole bit is about how you can use delays in
execution and latency jitter (possibly induced by rollbacks) as a
covert way to expose information?

That was my guess, though I suppose my first guess was how such a
hardware bug might well cause DGD/Hydra to fumble in a way that
violates the isolation guarantees it uses itself to enforce the atomic
context mechanism responsible for isolating concurrent tasks so long
as they don't peek at each other's state

On Tue, Jan 9, 2018 at 1:33 PM, Felix A. Croes <felix at dworkin.nl> wrote:
> Those who have followed the recent technology news know about Meltdown
> and Spectre, two types of bugs having to do with speculative execution.
>
> These are processor-level bugs.  But DGD, and especially Hydra, have
> speculative execution at the software level.  Perhaps you have wondered
> if they are also vulnerable to the Spectre class of information leakage
> bugs?
>
> The answer is that yes, they do.  It is hard to find an example that is
> not contrived, but atomic execution and optimistic concurrency can
> leak information to other LPC code running on the same server.
>
> That said, LPC code running on the same server has a much wider scope
> for side-channel attacks than merely the speculative execution cases.
> Measuring executed ticks is a powerful tool in this regard.
>
> Regards,
> Felix Croes
> ____________________________________________
> https://mail.dworkin.nl/mailman/listinfo/dgd



More information about the DGD mailing list