[cap-talk] Implementing a crypto brand: What are the security requirements?
Pierre THIERRY
nowhere.man at levallois.eu.org
Fri Mar 23 18:53:24 CDT 2007
David Wagner wrote on 22/03/2007 at 21:05:
> > Confidentiality
> > Without possession of Unsealer A, possession of a Box A does not
> > yield any information about its contents.
> [...]
>
> You might think that no attacker who uses only the public interface
> getOne() can learn anything about the value of the boolean b. But now
> consider this:
>   void attack() {
>     Box box;
>     {
>       Object o1 = new int[1] { 0 };
>       Object o2 = new int[1000000000] { 0 };
>       box = getOne(o1, o2);
>     }
>
>     // wait for gc
>
>     // test whether o2 has been garbage collected or not,
>     // e.g., by checking for cache effects or disk thrashing
>   }
But in this case, you gain information on the content with much more
than the box, because you have information on both:

- its internals (IIUC, your attack is meant to reveal the boolean, so
  you know it's there),
- the lexical scope of its creation, without which this particular
  attack is impossible.

So maybe, in light of this attack, the requirement could be
rephrased as:

  Confidentiality
    Without possession of Unsealer A, the sole possession
    of a Box A does not yield any information about its contents.

Precisely,
Pierre
--
nowhere.man at levallois.eu.org
OpenPGP 0xD9D50D8A
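
Added example (not part of the original message, and not either poster's code): a Python sketch of the leak discussed above, set beside what a holder of only the box can see. The names make_brand, make_get_one, infer_secret and box_surface are assumptions, as is the reading of getOne() as sealing o1 or o2 according to a secret boolean b. A weak reference stands in for the cache or disk-thrashing probe, and CPython reference counting is assumed so the result is deterministic.

```python
import gc
import weakref


class Payload:
    """Plain object that supports weak references (stands in for the arrays)."""


def make_brand():
    """Return a (seal, unseal) pair sharing a table private to the closures."""
    contents_of = weakref.WeakKeyDictionary()  # box -> sealed object

    class Box:
        pass  # no attributes: the box itself exposes nothing

    def seal(obj):
        box = Box()
        contents_of[box] = obj  # strong reference to obj while box lives
        return box

    def unseal(box):
        return contents_of[box]

    return seal, unseal


def make_get_one(seal, b):
    """Hypothetical getOne(): seals o1 if the secret b is true, else o2."""
    def get_one(o1, o2):
        return seal(o1 if b else o2)
    return get_one


def infer_secret(get_one):
    """Recover b with no unsealer, using the creation scope of the box."""
    o1, o2 = Payload(), Payload()
    probe1 = weakref.ref(o1)  # liveness probe; assumed stand-in for
    box = get_one(o1, o2)     # the cache or disk-thrashing test
    del o1, o2                # leave the scope that created the candidates
    gc.collect()
    # Only the sealed object is still reachable, through the box.
    return probe1() is not None


def box_surface(box):
    """What sole possession of the box shows: its (empty) attribute set."""
    return vars(box)
```

infer_secret needs references taken where the candidates were created, which is the "lexical scope" condition in the reply; box_surface has only the box and returns the same empty result whichever object was sealed. Python does not enforce closure privacy, so the brand here illustrates the interface rather than a hardened implementation.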