Re: SSL pipe SRFI
Lassi Kortela
(14 Sep 2019 15:47 UTC)
|
Implementing crypto in a GC'ed dynamic language
Lassi Kortela
(14 Sep 2019 15:59 UTC)
|
Re: Implementing crypto in a GC'ed dynamic language
John Cowan
(14 Sep 2019 20:04 UTC)
|
Re: Implementing crypto in a GC'ed dynamic language
Lassi Kortela
(14 Sep 2019 20:15 UTC)
|
Papers about timing attacks on garbage collectors Lassi Kortela (14 Sep 2019 20:22 UTC)
|
Papers about timing attacks on garbage collectors Lassi Kortela 14 Sep 2019 20:22 UTC
Existing timing attacks on garbage collectors from Google Scholar: <http://www.ieee-security.org/TC/SP2017/papers/258.pdf> From trash to treasure: timing-sensitive garbage collection (2017) Abstract: "This paper studies information flows via timingchannels in the presence of automatic memory management. Weconstruct a series of example attacks that illustrate that garbagecollectors form a shared resource that can be used to reliablyleak sensitive information at a rate of up to 1 byte/sec on acontemporary general-purpose computer. The created channel isalso observable across a network connection in a datacenter-likesetting. We subsequently present a design of automatic memorymanagement that is provably resilient against such attacks." Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling (2013) <http://amitlevy.com/papers/eliminating-esorics2013.pdf> Excerpt from the paper: "Though GHC already inserts many safe points as a meansof invoking the garbage collector (via the scheduler), tight loops that do not perform anyallocation are known to hang execution [1]. Addressing this eight-year old bug, whichwould otherwise be a security concern in LIO, we modified the compiler to insert safepoints on function entry points. This modification, integrated in the mainline GHC, hasalmost no effect on performance and only a 7% bloat in average binary size."