Thread: Intel HT -
-
18th May 2005 17:48 #1
EP35-DS4 :: Pentium Q9550 :: 4x2GB DDRII :: GeForce 9800GT :: 2x320GB SATA :: DVD-ROM :: CMPSU-450VXEU
-
18th May 2005 17:54 #2
Registered User
Join Date: Jul:2001
Location:
Posts: 10,936
, - "" .
512- ... .
-
18th May 2005 18:02 #3
-
18th May 2005 18:10 #4
Join Date: Nov:2001
Location: Des Moines, Iowa
Posts: 4,284
...
-
18th May 2005 18:32 #5
-
18th May 2005 19:38 #6
Registered User
Join Date: Mar:2004
Location:
Posts: 3,748
. , . HT-, ( kerneltrap):
The paper is available here. Basically, the claimed exploit is to starve the OpenSSH process of accesses to cache lines to get information about what cache lines get used. However, the paper makes a lot of assumptions which, if they exist, can be exploited in other ways. One assumption made is that you can accurately measure the time taken when the other thread is executing specific sections of code. The author does not mention that there is a way to do this.
The section of code published uses the "rdtsc" instruction to measure time. The Intel Architecture spec clearly states that RDTSC is a non-serializing instruction. This means that the time stamp returned can be a speculative one - one from before the cache access completed. Even if a serializing instruction were used before this, there is no specific way to ensure that this thread, which is competing for the same resources with the OpenSSH process, gets them in a particular order. For example, the 'long integer multiplication' instructions that the author refers to need to compete for the same ALU as that used by the OpenSSH algorithm. There is no suggestion in the paper that would indicate that the process can get this deterministically. If this were possible, there can be other exploits possible as well, such as seeing how long arithmetic operations take and trying to determine what the other thread did during this time.
-
18th May 2005 17:58 #7



