>> Could you explian me how could be more secure?
>
>For example if you compute a cryptographic algorithm in the root
>process then some information leaks over thread/process boundaries
>(e.g. cycle counters, or cache line information etc.) and could be
The only thing you should be able to read as normal user in i386 is the
tsc that say you how many tick the CPU got until boot.
>Search the web for 'side-chanel cryptoanalysis' or 'timing attacks'
>for more information about this. e.g. http://www.counterpane.com/side_channel.html
Also the power consumation can be an useful data for the attakker reading
the doc. I think that if somebody need such kind of security is better to
allow only trusted users to login on its machine instead of run its
process on a single CPU.
>Note that the leaking of the cycle counters on Intel could be easily
Which cycle counter? The tsc? The tsc can' t be used by other process to
take timings from your process and the other i386 profiling counters are
accessible only as root.
Andrea[s] Arcangeli
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html