From: andrea@cpushare.com
To: Valdis.Kletnieks@vt.edu
Cc: Pavel Machek <pavel@suse.cz>, Alan Cox <alan@lxorguk.ukuu.org.uk>,
ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com,
Lee Revell <rlrevell@joe-job.com>,
"Randy.Dunlap" <rdunlap@xenotime.net>,
Andrew Morton <akpm@osdl.org>,
bunk@stusta.de, linux-kernel@vger.kernel.org, mingo@elte.hu
Subject: Re: [2.6 patch] let CONFIG_SECCOMP default to n
Date: Sun, 16 Jul 2006 02:51:08 +0200 [thread overview]
Message-ID: <20060716005108.GK18774@opteron.random> (raw)
In-Reply-To: <200607150255.k6F2tS2R008742@turing-police.cc.vt.edu>
On Fri, Jul 14, 2006 at 10:55:28PM -0400, Valdis.Kletnieks@vt.edu wrote:
> In fact, the best you can do here is to reduce the effective bandwidth
> the signal can have, as Shannon showed quite clearly.
Yes.
> And even 20 years ago, the guys who did the original DoD Orange Book
> requirements understood this - they didn't make a requirement that covert
> channels (both timing and other) be totally closed down, they only made
> a requirement that for higher security configurations the bandwidth of
> the channel be reduced below a specified level...
Why I think it's trivial to guarantee the closure of the seccomp side
channel timing attack even on a very fast internet by simply
introducing the random delay, is that below a certain sampling
frequency you won't be able to extract data from the latencies of the
cache. The max length of the random noise has to be >= of what it
takes to refill the whole cache. Then you won't know if it was a cache
miss or a random introduced delay that generated the slowdown, problem
solved.
As you and Pavel correctly pointed out, you can still communicate
whatever you want over the wire (between the two points) by using a
low enough frequency, but I don't think that has security relevance in
this context.
Thanks.
next prev parent reply other threads:[~2006-07-16 0:50 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-06-29 19:21 [2.6 patch] let CONFIG_SECCOMP default to n Adrian Bunk
2006-06-30 0:44 ` Lee Revell
2006-06-30 1:07 ` Andrew Morton
2006-06-30 1:40 ` Adrian Bunk
2006-06-30 4:52 ` Andrea Arcangeli
2006-06-30 9:47 ` Ingo Molnar
2006-06-30 14:58 ` andrea
2006-07-11 7:36 ` [patch] " Ingo Molnar
2006-07-11 14:17 ` andrea
2006-07-11 14:32 ` Arjan van de Ven
2006-07-11 15:31 ` andrea
2006-07-11 15:54 ` Arjan van de Ven
2006-07-11 16:13 ` andrea
2006-07-11 16:23 ` Arjan van de Ven
2006-07-11 16:57 ` Alan Cox
2006-07-11 16:25 ` Alan Cox
2006-07-11 16:02 ` Adrian Bunk
2006-07-11 16:16 ` andrea
2006-07-11 16:24 ` Alan Cox
2006-07-12 15:43 ` Andi Kleen
2006-07-12 21:07 ` Ingo Molnar
2006-07-12 22:06 ` Andi Kleen
2006-07-12 22:19 ` Ingo Molnar
2006-07-12 22:33 ` Andi Kleen
2006-07-12 22:49 ` Ingo Molnar
2006-07-13 3:16 ` Andrea Arcangeli
2006-07-13 11:23 ` Jeff Dike
2006-07-13 11:35 ` Ingo Molnar
2006-07-13 3:04 ` Andrea Arcangeli
2006-07-13 3:12 ` Linus Torvalds
2006-07-13 4:40 ` Andrea Arcangeli
2006-07-13 4:51 ` andrea
2006-07-13 5:12 ` Linus Torvalds
2006-07-13 6:22 ` andrea
2006-07-13 1:51 ` Andrew Morton
2006-07-13 2:00 ` Linus Torvalds
2006-07-13 7:44 ` James Bruce
2006-07-13 8:34 ` andrea
2006-07-13 9:18 ` Andrew Morton
2006-07-14 6:09 ` [PATCH] TIF_NOTSC and SECCOMP prctl andrea
2006-07-14 6:27 ` Andrew Morton
2006-07-14 6:33 ` andrea
2006-07-13 12:13 ` [patch] let CONFIG_SECCOMP default to n Andi Kleen
2006-07-12 21:22 ` Ingo Molnar
2006-07-12 22:11 ` Andi Kleen
2006-07-11 15:54 ` Pavel Machek
2006-06-30 12:39 ` [2.6 patch] " Alan Cox
2006-06-30 2:35 ` Randy.Dunlap
2006-06-30 15:03 ` Lee Revell
2006-07-08 9:23 ` Andrea Arcangeli
2006-07-11 1:59 ` Andrew James Wade
2006-07-11 4:16 ` andrea
2006-07-11 20:19 ` Andrew James Wade
2006-07-12 21:05 ` andrea
2006-07-12 22:02 ` Alan Cox
2006-07-12 23:44 ` andrea
2006-07-13 21:29 ` Pavel Machek
2006-07-13 23:11 ` andrea
2006-07-13 23:20 ` Pavel Machek
2006-07-14 0:34 ` andrea
2006-07-15 2:55 ` Valdis.Kletnieks
2006-07-16 0:51 ` andrea [this message]
2006-07-16 1:54 ` Pavel Machek
2006-07-16 15:36 ` andrea
2006-07-13 2:56 ` Andrew James Wade
2006-07-12 21:13 ` Ingo Molnar
2006-07-13 1:16 ` andrea
2006-07-13 1:37 ` Andrew James Wade
-- strict thread matches above, loose matches on Subject: below --
2006-06-26 16:26 Adrian Bunk
2006-04-27 20:33 Adrian Bunk
2006-04-18 22:07 Adrian Bunk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060716005108.GK18774@opteron.random \
--to=andrea@cpushare.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=ajwade@cpe001346162bf9-cm0011ae8cd564.cpe.net.cable.rogers.com \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@stusta.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=pavel@suse.cz \
--cc=rdunlap@xenotime.net \
--cc=rlrevell@joe-job.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox