Hacker News new | ask | show | jobs
by matu3ba 202 days ago
What would be more sane alternatives, when it becomes obvious that any side-effect of timing is a potential attack vector? See https://www.hertzbleed.com/ for frequency side channels. I do only see dedicated security cores as options with fast data lanes to the CPU similar to what Apple is doing with Secure Enclave or do you have better suggestions that still allow performance and power savings?
1 comments
amluto 202 days ago
A design such that it would actually make sense for a compiler to mark code that should permit data-dependent CPU optimizations differently from code that should not.

This could be done using an opcode prefix, which would bloat code but would work perfectly. Or it could use an RFLAGS bit or a bit in MXCSR or a new register, etc.

Almost anything would be better than an MSR that is only accessible to privileged code.

link
cesarb 202 days ago
> Or it could use an RFLAGS bit or a bit in MXCSR or a new register, etc.

> Almost anything would be better than an MSR that is only accessible to privileged code.

ARM does that: their flag (DIT) is accessible by non-privileged code. If you know the architecture has that flag, either because your -march= is recent enough or because the operating system told you so through the hwcaps or the emulated id registers, you can use it freely without needing to switch to privileged mode through a syscall.

link
JoshTriplett 202 days ago
The one reason I can imagine to make it privileged-only is that it could be high-overhead to switch: if a CPU conditioned various kinds of predictors on it, it might have to flush those predictors when toggling it.
link
amluto 202 days ago
IMO the best design would be to keep the flag with the data. Give each register an extra bit indicating whether it’s sensitive. Any data-dependent-timing operation can’t possibly leak the data until the data is available to it, and that’s exactly when the ALU would find out that the data is sensitive anyway. No pipeline stalls.
link
JoshTriplett 200 days ago
Makes sense, but "give each register an extra bit" seems like something that would very easily get lost with a spill or any number of other ways.
link
matu3ba 189 days ago
Sorry for necro-bumping, but there is a paper doing exactly that besides various other things to eliminate timing channels claiming also to prevent attacks based on speculative execution etc: "BLACKOUT : Data-Oblivious Computation with Blinded Capabilities" https://arxiv.org/abs/2504.14654. They basically utilize another bit of CHERI for "blinded capability" and methods to mitigate potential problems you identified.
link