On Jun 26, 2018, at 3:33 PM, Arthur Krewat <krewat(a)kilonet.net> wrote:
On 6/26/2018 6:20 PM, Bakul Shah wrote:
it is becoming increasingly clear that
caching (hidden memory to continue with the illusion of a simple memory
model) itself is a potential security issue.
Then let's discuss why caching is the problem. If thread X reads memory location A,
why is thread Y able to access that cached value? Shouldn't that cached value be
associated with memory location A which I would assume would be in a protected space that
thread Y shouldn't be able to access?
I know the nuts and bolts of how this cache exploit works, that's not what I'm
asking.
What I'm asking is, why is cache accessible in the first place? Any cache offset
should have the same memory protection as the value it represents. Isn't this the CPU
manufacturer's fault?
As I understand it, the difference in cache access vs
other caches/memory access times allows for timing attacks.
By its nature a cache is much smaller than the next level
cache or memory so there will have to be a way to evict
stale data from it and there will be (false) sharing and
consequent access time difference. Knowledge of specific
attacks can help devise specific fixes but I don't think
we can say unequivocally we have seen the worst of it.
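The point in the last message is that the attacker learns nothing from memory protection being correct; what leaks is which cache lines a victim touched, observed through access-time differences. The standard software answer for secret-dependent table lookups (the AES S-box case is the classic one) is to make the set of cache lines touched independent of the secret. The following is an added illustration, not code from either correspondent: a constructed 256-byte table, a naive lookup whose address depends on the secret index, a cache-oblivious lookup that reads every entry and selects the wanted one with a branch-free mask, and a small model (assuming 64-byte cache lines and a 64-byte-aligned table) of which lines each variant touches.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LINE_BYTES 64           /* assumed cache line size for the model below */
#define TABLE_SIZE 256

/* Constructed lookup table, 64-byte aligned so it spans exactly 4 model lines.
 * The contents are an arbitrary permutation-like fill, not a real cipher S-box. */
static _Alignas(LINE_BYTES) uint8_t table[TABLE_SIZE];
static int table_ready = 0;

static void init_table(void) {
    if (table_ready) return;
    for (int i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)((i * 167 + 13) & 0xff);
    table_ready = 1;
}

/* Naive lookup: the address loaded, and so the cache line brought in,
 * is a direct function of the secret index. */
uint8_t lookup_naive(uint8_t secret_idx) {
    init_table();
    return table[secret_idx];
}

/* Cache-oblivious lookup: every entry is read on every call, so the set of
 * lines touched is the same for all indices. The wanted byte is selected with
 * a mask computed without a data-dependent branch. */
uint8_t lookup_oblivious(uint8_t secret_idx) {
    init_table();
    uint8_t result = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = i ^ secret_idx;                  /* 0 only when i == secret_idx */
        uint8_t mask = (uint8_t)(((diff - 1u) >> 8) & 0xffu); /* 0xff iff diff == 0 */
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Model of the footprint: a bitmask of the 64-byte lines of `table` that a
 * call touches. This is an abstraction of cache behaviour, not a measurement. */
static unsigned line_of(const uint8_t *p) {
    return (unsigned)((uintptr_t)p - (uintptr_t)table) / LINE_BYTES;
}

unsigned lines_touched_naive(uint8_t secret_idx) {
    return 1u << line_of(&table[secret_idx]);
}

unsigned lines_touched_oblivious(uint8_t secret_idx) {
    (void)secret_idx;                 /* footprint does not depend on the index */
    unsigned mask = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++)
        mask |= 1u << line_of(&table[i]);
    return mask;
}

int main(void) {
    for (unsigned s = 0; s < TABLE_SIZE; s += 85) {
        printf("idx %3u: value naive=%02x oblivious=%02x  lines naive=0x%x oblivious=0x%x\n",
               s, lookup_naive((uint8_t)s), lookup_oblivious((uint8_t)s),
               lines_touched_naive((uint8_t)s), lines_touched_oblivious((uint8_t)s));
    }
    return 0;
}
```

Both lookups return the same value for every index; the difference is only in the footprint column, which for the naive version changes with the index and for the oblivious version is always all four lines. The cost is reading the whole table on each call, which is why this mitigation is applied to small tables such as S-boxes rather than to general data structures.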