
Why doesn't Fuchsia restrict access to clocks to prevent untrusted processes from performing timing attacks?

A timing attack is when hostile code figures out some information it's not supposed to have by measuring how long it takes other, more trusted processes to perform known actions over private data.

Advocates of the object-capability model generally recognize that you can reduce timing attacks by not providing clocks by default, requiring a process to have been given a clock capability, otherwise denying them any way of measuring the passage of time. Given that Fuchsia is a very object-capability type of OS, why are clocks available by default?

This is a fair question, and this is an indirect answer as it does not answer why clock access is available.

Specifically when it comes to timing attacks, a clock is merely a convenience, it is not a necessity for recording timing information in most scenarios, as other mechanisms such as counting competing spinning operations or comparing timing to other operations are often sufficient, albeit sometimes harder to set up.

Other practical issues arise, such as it being desirable on the path you describe to also restrict threads, which also have some deep ties to this problem space by way of commonly used standard library mutexes having dependencies on wall time. The implications here become somewhat problematic as attempting to pull all such access out introduces impediments to startup of very common runtimes and, depending on implementation details, many designs may also impede performance of common programs.

-- --

Edit: I should also add, we have mailing lists, here: fuchsia.dev/fuchsia-src/contribute/community/get-involved This question would be welcome there, and it is possible that so would a proposal to introduce some capabilities around this. The best place to start the discussion is on those mailing lists. I hope we see you there!
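The answer's point that a clock is "merely a convenience" is easy to check: a second thread that does nothing but increment a shared counter acts as a timer, so a process that holds a thread but no clock handle can still compare the durations of two operations. The following is an added illustration, not code from the question, the answer or Fuchsia; the two `nanosleep` calls are stand-ins for operations of different length and are the only place a real clock is used, and only by the "victim", never by the measuring side.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Shared counter bumped as fast as possible by a helper thread. Two reads
 * of it give a proxy for elapsed time with no clock object involved. */
static atomic_uint_fast64_t ticks;
static atomic_int stop_flag;

static void *spin_counter(void *arg) {
    (void)arg;
    while (!atomic_load_explicit(&stop_flag, memory_order_relaxed))
        atomic_fetch_add_explicit(&ticks, 1, memory_order_relaxed);
    return NULL;
}

/* Number of counter increments that pass while `work` runs. */
static uint64_t ticks_during(void (*work)(void)) {
    uint64_t before = atomic_load(&ticks);
    work();
    return atomic_load(&ticks) - before;
}

/* Constructed stand-ins for a short and a long "trusted" operation. */
static void short_work(void) { struct timespec ts = {0, 10L * 1000 * 1000}; nanosleep(&ts, NULL); }
static void long_work(void)  { struct timespec ts = {0, 100L * 1000 * 1000}; nanosleep(&ts, NULL); }

/* Measures both operations with the counter thread as the only timer and
 * returns the two tick counts through the out-parameters. */
void measure_without_clock(uint64_t *short_ticks, uint64_t *long_ticks) {
    pthread_t t;
    atomic_store(&stop_flag, 0);
    pthread_create(&t, NULL, spin_counter, NULL);
    *short_ticks = ticks_during(short_work);
    *long_ticks  = ticks_during(long_work);
    atomic_store(&stop_flag, 1);
    pthread_join(t, NULL);
}

int main(void) {
    uint64_t s, l;
    measure_without_clock(&s, &l);
    printf("short op: %llu ticks, long op: %llu ticks\n",
           (unsigned long long)s, (unsigned long long)l);
    return 0;
}
```

The long operation consistently shows roughly ten times the ticks of the short one, which is the ordering information a timing attack needs, obtained from a thread rather than a clock.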
