Hacker News new | comments | ask | show | jobs | submit login
Attack Directories, Not Caches: Side-Channel Attacks in a Non-Inclusive World [pdf] (uiuc.edu)
28 points by mettamage 76 days ago | hide | past | web | favorite | 5 comments

The part on how they reverse engineered the cache directory is especially interesting.

Consider this, they build an eviction algorithm [1] that just worked. And by varying it on different threads you basically get to understand (a) it is inclusive for private and shared cache lines and (b) the cache replacement policies (private gets kicked out first).

I find it quite cool since eviction algorithms are normally used for evict + reload attacks, but no! They can also be used for reverse engineering cache behaviors in CPUs :D

[1] an eviction algorithm is an algorithm designed to kick out all the other entries in the cache (of a particular cache set that is).

I also had some funny shower thoughts about this. I think reverse engineering in general plays an interesting part in the philosophy of science.

To what extent is something science when only one private company knows about it and the public (i.e. security researchers) need to reverse engineer it? One could say that it is like a 'simulated nature' that needs to yet reveal its secrets.

In that sense I feel that reverse engineering stuff like this is a more high fidelity type of form than simulation since there are some real world stakes/incentives on the line. At least, as far as the philosophy of science is confirmed.

Another thing was that I was quite surprised how much the reverse engineering effort just looked like a standard experiment that psychologists/medicine would use as well. I mean it almost literally is: control group, experimental group, hypothesis pans out, let's go on to experiment 2, and it's the same song over again.

I wanted to point these things out still because I like interdisciplinary comments and have the hope they could achieve something interesting.

I have often thought exactly what you describe, even more I think in an alternate history this would actually be close to the "intellectual property" policy: it is not the governments role to enforce intellectual policy, while it is the role of science to try and understand all phenomena natural or man-made. It would be legal for private entities (individuals or companies) to try to keep a business secret, but it would not be illegal for others to investigate, reverse-engineer and reproduce (even commercially) what others have done. Since scientific discovery into the public domain would be rewarded by the public, it would still be feasible for private individuals to maintain a business secret for as long as no one reverse engineers it. But it would de facto result in organizations being unable to profit from business secrets (since any member of the organization could publish the company secret to the public for a reward without facing consequences). This should prevent monopolies from arising, and encourages smaller companies and open collaboration.

"We found that the above conditions do not hold in some AMD processors. Consequently, our attack does not work on these AMD processors."

Yea, the generalization section leads a lot left to be desired. I feel the constraints of the attack make it hard to generalize it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact