Re: Defeating HyperThreading attacks
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: Defeating HyperThreading attacks

From: Colin Andrew Percival <cperciva@sfu.ca>
Date: Tue May 31 2005 - 11:29:47 CEST



tomstdenis@gmail.com wrote:


> The problem is it's not really possible to tell the attacker program


> from another normal process.  The solution to this problem has always


> been better user security.  Don't have users on your www boxes.



This isn't an option for everybody.  Companies which sell "shared 


webhosting" services generally have problems if they refuse to allow 


their customers to have access to the servers. :-)



Many companies refuse to allow shell access, of course, but with most web 


hosts offering CGI privileges, that makes little difference.



> Tom



BTW, do you have any plans for defending against this in libtomcrypt?



Colin Percival


Received on Thu Sep 29 21:39:17 2005