[cap-talk] Singletons Considered Harmful

Kenton Varda kenton at google.com
Tue Apr 6 00:32:05 PDT 2010


On Mon, Apr 5, 2010 at 9:53 PM, David Wagner <daw at cs.berkeley.edu> wrote:

> If Leopold the leaker
> has access to secrets and runs on a network-connected machine, and if
> Colin the colluder located elsewhere on the network can send hundreds
> of packets per second to Leopold's machine, then just based upon a
> back-of-the-envelope calculation, I would expect it would be feasible
> to transmit on the order of 100 bits/second.


I don't think that's an obvious conclusion.  You're assuming that Leopold's
machine normally responds to requests in less than 1/100th of a second, that
Leopold can influence this responsiveness within 1/100th second intervals,
and that Leopold's effects can be reliably distinguished from noise.  These
are all conceivable, but they are big "if"s, and I think a working
implementation would be very complicated.

Also, it seems pretty easy to disrupt.  For example, you could limit Leopold
to a small fraction of CPU usage and assign timeslices on random intervals,
and don't provide a timer capability.  Responses that are significantly
faster than average could be intentionally delayed in order to force a more
uniform timing distribution.  Etc.  This seems like an interesting question,
actually:  can you develop a scheduling algorithm which makes timing-based
covert channels hard to set up?

But anyway.  I do find it pretty easy to believe that extremely-low-bitrate
channels (say, 1 bit per second) are easy to implement, so short secrets
(like cryptographic keys) are basically impossible to protect from such
intentional leakage.
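As an added illustration of the mitigation Kenton sketches (this is not code from the thread or from any of its participants), the following simulation models response latency with a constructed Gaussian service-time model and measures how well a network observer could recover a one-bit-per-request timing signal, first with no countermeasure and then with the "delay anything faster than a floor" policy he describes. The latency parameters, the floor value and the median-threshold decoder are all assumptions chosen for the example, not measurements.

```python
import random
import statistics

# Constructed latency model (assumption): a request normally takes about
# base_ms with Gaussian noise; a process that deliberately slows itself
# adds mod_ms when it wants to signal a 1. No real timing is measured here.
BASE_MS = 5.0
NOISE_MS = 0.5
MOD_MS = 3.0

# Assumed mitigation parameter: every response is held until at least
# FLOOR_MS has elapsed, so faster responses are padded to a uniform time.
FLOOR_MS = 12.0


def service_latency(rng, bit):
    """Return one response time in ms under the constructed model."""
    natural = max(0.0, rng.gauss(BASE_MS, NOISE_MS))
    return natural + (MOD_MS if bit else 0.0)


def pad_to_floor(latency_ms, floor_ms=FLOOR_MS):
    """Mitigation: responses faster than the floor are delayed to the floor."""
    return max(latency_ms, floor_ms)


def observed_bit_error_rate(n_requests, padded=False, seed=1):
    """Simulate n_requests and return the fraction of bits an observer
    decodes incorrectly when it thresholds at the median observed latency.

    A rate near 0.0 means the timing channel is clearly usable; a rate
    near 0.5 means the observer does no better than guessing.
    """
    rng = random.Random(seed)
    bits = [rng.randrange(2) for _ in range(n_requests)]
    observed = []
    for b in bits:
        lat = service_latency(rng, b)
        if padded:
            lat = pad_to_floor(lat)
        observed.append(lat)
    threshold = statistics.median(observed)
    decoded = [1 if lat > threshold else 0 for lat in observed]
    errors = sum(1 for d, b in zip(decoded, bits) if d != b)
    return errors / n_requests


def mean_added_delay(n_requests, seed=1):
    """Cost of the mitigation: average extra delay (ms) padding introduces."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(n_requests):
        lat = service_latency(rng, rng.randrange(2))
        total += pad_to_floor(lat) - lat
    return total / n_requests


if __name__ == "__main__":
    print("BER, no mitigation:  %.3f" % observed_bit_error_rate(2000))
    print("BER, floor padding:  %.3f" % observed_bit_error_rate(2000, padded=True))
    print("mean added delay:    %.2f ms" % mean_added_delay(2000))
```

With these parameters the unmitigated channel is decoded almost perfectly (the 3 ms modulation is six standard deviations of the noise), while padding to the floor makes every response identical and drives the error rate to about one half. The trade-off the thread alludes to shows up as well: the floor costs several milliseconds of latency on every request, which is the price of a uniform timing distribution.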