At 08:01 AM 1/4/2018, Dag-Erling Smørgrav wrote:
This is irrelevant. We are talking about timing-based side-channel
attacks. The attacker is not able to access protected memory directly,
but is able to deduce its contents by repeatedly performing illegal
memory accesses and then checking how they affect the cache.
This is something I do not yet fully understand; perhaps someone here
on the list can help explain it to me. The "Spectre" attack is claimed
to work by altering the contents of the cache via a speculatively
executed instruction. But the contents of that memory are not revealed
directly to the program. So, how does it deduce the contents of physical
memory merely from the fact that there's a cache miss on its address?
--Brett Glass
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
