Date:      Thu, 04 Jan 2018 08:52:23 -0700
From:      Brett Glass <brett@lariat.org>
To:        Dag-Erling Smørgrav <des@des.no>, Erich Dollansky <freebsd.ed.lists@sumeritec.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com>
Subject:   Re: Intel hardware bug
Message-ID:  <201801041552.IAA17267@mail.lariat.net>
In-Reply-To: <86vaghu0ps.fsf@desk.des.no>
References:  <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> <86vaghu0ps.fsf@desk.des.no>

At 08:01 AM 1/4/2018, Dag-Erling Smørgrav wrote:

>This is irrelevant.  We are talking about timing-based side-channel
>attacks.  The attacker is not able to access protected memory directly,
>but is able to deduce its contents by repeatedly performing illegal
>memory accesses and then checking how they affect the cache.

This is something I do not yet fully understand; perhaps someone here
on the list can help explain it to me. The "Spectre" attack is claimed
to work by altering the contents of the cache via a speculatively
executed instruction. But the contents of that memory are not revealed
directly to the program. So, how does it deduce the contents of physical
memory merely from the fact that there's a cache miss on its address?

--Brett Glass 



