Author: Gregory Maxwell 2014-03-05 22:25:02
Published on: 2014-03-05T22:25:02+00:00
In an email exchange, Eric Lombrozo and another individual discuss the effectiveness of branchless code as a defense measure against security attacks. While Lombrozo agrees that branchless reduces the attack surface, he notes that other defense measures are still important. In response to the idea of avoiding uniform memory access issues through heap allocation, Lombrozo explains that performing no data dependent loads is necessary to hide a memory timing side-channel. He suggests that even loading the same values but masking out unintended reads could still be vulnerable on advanced hardware. The discussion concludes with the agreement that using a branchless implementation where each phase of the operation executes the exact same code and accesses the exact same stack frames would not likely be vulnerable to FLUSH+RELOAD attacks.
Updated on: 2023-05-19T18:13:26.266012+00:00