News
 

Bookmark and Share

(1) 

Intel’s Hyper-Threading may be useful for enhancing performance, but it may also compromise security in some cases, particularly in case of servers, claims a researcher from Canada. Fortunately, it seems that patches for operating systems can correct the issue.

On Intel Pentium 4 and Xeon with Hyper-Threading processors the two threads being executed on each processor share more than the execution units, but also they share access to the memory caches. Caches have already been demonstrated to be cryptographically dangerous: many implementations of AES are subject to timing attacks arising from the non-constancy of S-box lookup timings. However, having caches shared between threads provides a vastly more dangerous avenue of attack, claims Colin Percival, a researcher who has spent about half a year investigating the matter.

According to a document released Friday, this shared access to memory caches pro-vides not only an easily used high bandwidth covert channel between threads, but also permits a malicious thread (operating, in theory, with limited privileges) to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.

The security flaw hardly affects desktop users, but server administrators should pay attention to the situation. It is also unclear whether sharing of memory caches between threads may confront security within systems running dual-core processors.

The author provides some suggestions to processor designers, operating system vendors, and the authors of cryptographic software, of how this attack could be mitigated or eliminated entirely.

Intel’s reaction on the allegations was unavailable at press time.

Discussion

Comments currently: 1
Discussion started: 05/14/05 12:02:11 PM
Latest comment: 05/14/05 12:02:11 PM

Add your Comment




Related news

Latest News

Monday, April 14, 2014

8:23 am | Microsoft Vows to Release Xbox 360 Emulator for Xbox One. Microsoft Xbox One May Gain Compatibility with Xbox 360 Games

Tuesday, April 1, 2014

10:39 am | Microsoft Reveals Kinect for Windows v2 Hardware. Launch of New Kinect for Windows Approaches

Tuesday, March 25, 2014

1:57 pm | Facebook to Acquire Virtual Reality Pioneer, Oculus VR. Facebook Considers Virtual Reality as Next-Gen Social Platform

1:35 pm | Intel Acquires Maker of Wearable Computing Devices. Basis Science Becomes Fully-Owned Subsidiary of Intel

Monday, March 24, 2014

10:53 pm | Global UHD TV Shipments Total 1.6 Million Units in 2013 – Analysts. China Ahead of the Whole World with 4K TV Adoption

10:40 pm | Crytek to Adopt AMD Mantle Mantle API for CryEngine. Leading Game Developer Adopts AMD Mantle

9:08 pm | Microsoft Unleashes DirectX 12: One API for PCs, Mobile Gadgets and Xbox One. Microsoft Promises Increased Performance, New Features with DirectX 12

3:33 pm | PowerVR Wizard: Imagination Reveals World’s First Ray-Tracing GPU IP for Mobile Devices. Imagination Technologies Brings Ray-Tracing, Hybrid Rendering Modes to Smartphones and Tablets

2:00 pm | Nokia Now Expects to Close Deal with Microsoft in Q2. Sale of Nokia’s Division to Close Next Month