No. Architectural leakage via a side-channel is far from simple. It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
If anything, these are canonical examples of non-simple bugs.
> It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
For exploitation, or for patching, maybe. But characterizing these bugs is still clear and simple IMO. I mean, rowhammer is about as basic as a bug can get - the value of this bit in memory changed even though it was never written to.
Rowhammer isn't a speculative execution bug. Without getting into how complex Rowhammer is or isn't, speculative execution is an inherently complex and software-involved pattern of vulnerability.
You're letting yourself get dragged into some weird rhetorical places trying to defend this part of Raymond's essay.
No. Architectural leakage via a side-channel is far from simple. It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
If anything, these are canonical examples of non-simple bugs.
> It requires deep understanding of the code (i.e. what it does, why it is doing it that way and the implied effect of executing the code on the architecture) and also of the architecture (i.e. how it is executing and why that causes leakage to be observable via the side-channel).
For exploitation, or for patching, maybe. But characterizing these bugs is still clear and simple IMO. I mean, rowhammer is about as basic as a bug can get - the value of this bit in memory changed even though it was never written to.
Rowhammer isn't a speculative execution bug. Without getting into how complex Rowhammer is or isn't, speculative execution is an inherently complex and software-involved pattern of vulnerability.
You're letting yourself get dragged into some weird rhetorical places trying to defend this part of Raymond's essay.
5 replies →