[cap-talk] Singletons Considered Harmful

David Wagner daw at cs.berkeley.edu
Tue Apr 6 13:07:15 PDT 2010

Kenton Varda  wrote:
> You're assuming that Leopold's
> machine normally responds to requests in less than 1/100th of a second, that
> Leopold can influence this responsiveness within 1/100th second intervals,
> and that Leopold's effects can be reliably distinguished from noise.  These
> are all conceivable, but they are big "if"s, and I think a working
> implementation would be very complicated.

Yup, I'm assuming all that.  I personally don't see them as big
assumptions.  10 ms is an eternity in computer land.  Error correcting
codes might be effective at dealing with noise.  But as you say, I
have not implemented it, so I am just speculating, and what do I know?

> Also, it seems pretty easy to disrupt.  For example, you could limit Leopold
> to a small fraction of CPU usage and assign timeslices on random intervals,
> and don't provide a timer capability.  Responses that are significantly
> faster than average could be intentionally delayed in order to force a more
> uniform timing distribution.  Etc.  This seems like an interesting question,
> actually:  can you develop a scheduling algorithm which makes timing-based
> covert channels hard to set up?

I doesn't seem easy to me.  For any one covert channel, I can imagine how
to disrupt it, if that's the only kind of covert channel I will ever have
to deal with.  But I cannot imagine any reliable defense with the property
that if you have to pick the defense first, then I am unable to find a
covert channel (even if I take into account how your defense works).

> But anyway.  I do find it pretty easy to believe that extremely-low-bitrate
> channels (say, 1 bit per second) are easy to implement, so short secrets
> (like cryptographic keys) are basically impossible to protect from such
> intentional leakage.


More information about the cap-talk mailing list