Re: [Cfrg] considering new topics for CFRG

Henrick Hellström <henrick@streamsec.se> Sat, 04 January 2014 10:49 UTC


On 2014-01-04 07:05, Trevor Perrin wrote:
> On Fri, Jan 3, 2014 at 7:02 PM, Henrick Hellström <henrick@streamsec.se> wrote:
>> On 2014-01-04 03:41, David Wagner wrote:
>>>
>>> Back in 2005, David Molnar, Matt Piotrowski, David Schultz,
>>> and I proposed a simple method for testing for side channel
>>> vulnerabilities.
> [...]
>>
>> This method will not detect timing differences caused by cache misses.
>> (Think table look-ups, or branch-less pointer swapping.)
>
> The "transcript" idea from David's paper is a nice way to think about
> sidechannel security.

Don't get me wrong, it is necessary for your code to pass the test 
outlined in the paper, but in light of more recently published side 
channel attacks, it is not sufficient.


> For another tool, check out Adam Langley's "ctgrind":
>
> https://github.com/agl/ctgrind

Thanks, but considering that relevant code might not be implemented in 
C/C++, is there any specification of the abstract requirements for such 
testing, or perhaps a tool for a language-agnostic profiler?
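
The gap raised in this message (a test that compares only control flow passes a secret-indexed table look-up) can be shown with a small model; this is an added example, not code from the message, the paper, or ctgrind. The trace structure, the table contents and all function names are assumptions made for illustration, and the "address" trace records table indices as a stand-in for the memory locations a cache would distinguish.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 16-entry table standing in for an S-box; values are arbitrary. */
static const uint8_t TABLE[16] = {7, 12, 1, 9, 4, 15, 0, 10, 3, 14, 6, 11, 2, 13, 8, 5};

/* Hypothetical trace: branch outcomes (control flow) and table indices read. */
typedef struct {
    size_t nb, na;
    uint8_t branch[32];
    uint8_t addr[32];
} trace_t;

typedef uint8_t (*lookup_fn)(trace_t *, uint8_t);

/* Direct look-up: no secret-dependent branch, but the index read is secret. */
uint8_t lookup_direct(trace_t *t, uint8_t secret) {
    uint8_t i = secret & 15;
    t->addr[t->na++] = i;
    return TABLE[i];
}

/* Full scan: reads every entry in a fixed order and selects with a mask. */
uint8_t lookup_scan(trace_t *t, uint8_t secret) {
    uint8_t r = 0;
    for (uint8_t i = 0; i < 16; i++) {
        t->branch[t->nb++] = 1;                 /* loop bound is public */
        t->addr[t->na++] = i;
        /* mask is 0xFF when i equals the secret index, else 0x00 */
        uint8_t mask = (uint8_t)(((uint32_t)(i ^ (secret & 15)) - 1u) >> 8);
        r |= TABLE[i] & mask;
    }
    return r;
}

/* Bit 0: branch traces match for s1 and s2. Bit 1: index traces match. */
int compare_traces(lookup_fn f, uint8_t s1, uint8_t s2) {
    trace_t a, b;
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    f(&a, s1);
    f(&b, s2);
    int br = a.nb == b.nb && memcmp(a.branch, b.branch, a.nb) == 0;
    int ad = a.na == b.na && memcmp(a.addr, b.addr, a.na) == 0;
    return br | (ad << 1);
}
```

For two different secrets, `lookup_direct` yields identical branch traces but different index traces, while `lookup_scan` yields identical traces of both kinds.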