[cap-talk] Singletons Considered Harmful
daw at cs.berkeley.edu
Tue Apr 6 13:07:15 PDT 2010
Kenton Varda wrote:
> You're assuming that Leopold's
> machine normally responds to requests in less than 1/100th of a second, that
> Leopold can influence this responsiveness within 1/100th second intervals,
> and that Leopold's effects can be reliably distinguished from noise. These
> are all conceivable, but they are big "if"s, and I think a working
> implementation would be very complicated.
Yup, I'm assuming all that. I personally don't see them as big
assumptions. 10 ms is an eternity in computer land. Error correcting
codes might be effective at dealing with noise. But as you say, I
have not implemented it, so I am just speculating, and what do I know?
> Also, it seems pretty easy to disrupt. For example, you could limit Leopold
> to a small fraction of CPU usage and assign timeslices on random intervals,
> and don't provide a timer capability. Responses that are significantly
> faster than average could be intentionally delayed in order to force a more
> uniform timing distribution. Etc. This seems like an interesting question,
> actually: can you develop a scheduling algorithm which makes timing-based
> covert channels hard to set up?
It doesn't seem easy to me. For any one covert channel, I can imagine how
to disrupt it, if that's the only kind of covert channel I will ever have
to deal with. But I cannot imagine any reliable defense with the property
that if you have to pick the defense first, then I am unable to find a
covert channel (even if I take into account how your defense works).
> But anyway. I do find it pretty easy to believe that extremely-low-bitrate
> channels (say, 1 bit per second) are easy to implement, so short secrets
> (like cryptographic keys) are basically impossible to protect from such
> intentional leakage.
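As an added illustration of the scheduling defence Kenton sketches and of the worst-case caveat in the reply (example code written for this page, not from the thread): a small Python simulation in which a constructed leaky service's response time depends on one bit per request, a defence releases every response at a fixed deadline, and an observer tries to recover the bits by thresholding response times at their median. The service times, the noise model and the deadlines are all assumptions.

```python
import random
import statistics

FAST_MS, SLOW_MS = 2.0, 12.0   # constructed: service time for bit 0 / bit 1

def sender_latency(bit, noise_sd, rng):
    """Constructed model of a leaky service: its work takes longer when bit == 1.
    The observer's clock adds Gaussian noise on top of that."""
    return max(0.0, rng.gauss(SLOW_MS if bit else FAST_MS, noise_sd))

def pad_to_deadline(latency_ms, deadline_ms):
    """Defence: release every response at a fixed deadline instead of as soon
    as the work finishes. Work that overruns waits for the next deadline slot,
    so the deadline must exceed the worst-case service time to hide anything."""
    slots = int(latency_ms // deadline_ms) + 1
    return slots * deadline_ms

def decode(observed, threshold):
    """Observer's guess: a response slower than the threshold is read as 1."""
    return [1 if t > threshold else 0 for t in observed]

def channel_accuracy(bits, noise_sd=1.0, deadline_ms=None, seed=1):
    """Fraction of leaked bits the observer recovers by thresholding at the
    median response time. deadline_ms=None measures the unmitigated channel."""
    rng = random.Random(seed)
    observed = []
    for bit in bits:
        t = sender_latency(bit, noise_sd, rng)
        if deadline_ms is not None:
            t = pad_to_deadline(t, deadline_ms)
        observed.append(t)
    guesses = decode(observed, statistics.median(observed))
    return sum(g == b for g, b in zip(guesses, bits)) / len(bits)

def demo():
    bits = [1, 0] * 32   # constructed 64-bit "secret", half ones
    return {
        "raw": channel_accuracy(bits),
        "padded_20ms": channel_accuracy(bits, deadline_ms=20.0),
        # deadline below the slow path's 12 ms: the slot index still leaks the bit
        "padded_8ms": channel_accuracy(bits, deadline_ms=8.0),
    }

if __name__ == "__main__":
    for name, acc in demo().items():
        print(f"{name}: observer recovers {acc:.0%} of bits")
```

With a 20 ms deadline every response collapses to the same release time and the observer is reduced to guessing (50% on a half-ones secret), while an 8 ms deadline leaves the bit fully recoverable from which slot the response lands in.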