Data leak through the Intel CPU ring bus

A group of researchers from the University of Illinois has developed a new side-channel attack technique that exploits information leakage through the Ring Interconnect of Intel processors. The attack makes it possible to extract information about memory usage in another application and to track keystroke timing. The researchers have published tools for the related measurements and several prototype exploits.

Three exploits have been proposed that make it possible to:

  • Recover individual bits of encryption keys when RSA and EdDSA implementations that are vulnerable to side-channel attacks are used (that is, if computation delays depend on the data being processed). For example, a leak of individual bits carrying information about the EdDSA initialization vector (nonce) is enough to apply attacks that recover the entire private key. The attack is hard to carry out in practice and succeeds only with a large number of caveats. For example, successful operation was shown with SMT (HyperThreading) disabled and the LLC cache segmented between CPU cores.
  • Determine the delays between keystrokes. The delays depend on the position of the keys and make it possible, through statistical analysis, to reconstruct keyboard input with some probability (for example, most people usually type "s" after "a" faster than "g" after "s").
  • Set up a covert communication channel that transfers data between processes at a speed of about 4 megabits per second and does not use shared memory, the processor cache, or CPU-core-specific resources and processor structures. It is noted that the proposed method of creating a covert channel is very hard to block with existing methods of protection against side-channel attacks.
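The condition in the first item (computation whose work depends on the data being processed) is shown below in a toy modular exponentiation, next to a hardened form. This is an added example, not code from the researchers or from any library; the function names are hypothetical, and the per-bit `trace` array is an assumed stand-in for what an observer of contention timing could see.

```c
#include <stdint.h>
#include <stdio.h>

#define BITS 16  /* toy exponent width; real keys are far longer */

/* Toy modular multiply: in this model each call is one observable burst of
   work. Production code would use a constant-time bignum routine, not '%'. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky: multiply only when the secret bit is 1, so trace[i] == bit i. */
uint32_t modexp_leaky(uint32_t base, uint16_t exp, uint32_t m, uint8_t trace[BITS]) {
    uint32_t r = 1 % m;
    for (int i = BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        trace[i] = 0;
        if ((exp >> i) & 1u) { r = mulmod(r, base, m); trace[i] = 1; }
    }
    return r;
}

/* Hardened: always multiply, then select with a mask; same work for any exp. */
uint32_t modexp_ct(uint32_t base, uint16_t exp, uint32_t m, uint8_t trace[BITS]) {
    uint32_t r = 1 % m;
    for (int i = BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint32_t t = mulmod(r, base, m);
        uint32_t mask = 0u - ((uint32_t)(exp >> i) & 1u); /* all ones if bit set */
        r = (t & mask) | (r & ~mask);
        trace[i] = 1;
    }
    return r;
}

/* What an observer of the multiply pattern would reconstruct. */
uint16_t bits_from_trace(const uint8_t trace[BITS]) {
    uint16_t v = 0;
    for (int i = 0; i < BITS; i++) v |= (uint16_t)(trace[i] & 1u) << i;
    return v;
}

int main(void) {
    uint8_t a[BITS], b[BITS];
    uint16_t secret = 0xB5A3; /* constructed sample exponent */
    uint32_t x = modexp_leaky(7, secret, 1000003u, a), y = modexp_ct(7, secret, 1000003u, b);
    printf("equal=%d leaky=0x%04X ct=0x%04X\n", x == y, (unsigned)bits_from_trace(a), (unsigned)bits_from_trace(b));
    return 0;
}
```

The leaky trace reproduces the exponent exactly, while the hardened trace is the same for every exponent, which is the property a side-channel-resistant RSA or EdDSA implementation needs.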

The exploits do not require elevated privileges and can be used by ordinary unprivileged users. It is noted that the attack could potentially be adapted to leak data between virtual machines, but this question was beyond the scope of the study and virtualization systems were not tested. The proposed code was tested on an Intel i7-9700 CPU under Ubuntu 16.04. In general, the attack method was tested on desktop processors of the Intel Coffee Lake and Skylake families, and it is also potentially applicable to Xeon server processors of the Broadwell family.

Ring Interconnect technology appeared in processors based on the Sandy Bridge microarchitecture and consists of several ring buses used to connect the compute and graphics cores, the server bridge and the cache. The essence of the attack method is that, because of the limited bandwidth of the ring bus, memory operations in one process delay access to memory by another process. Having worked out the implementation details through reverse engineering, an attacker can generate a load that delays memory access in another process and use these delays as a side channel to obtain information.

Attacks on internal CPU buses are hampered by the lack of information about the design and operation of the bus, and by noise, which makes it hard to isolate the useful data. The operating principles of the bus were worked out by reverse engineering the protocols used when transferring data over the bus. A data classification model based on machine learning was used to separate the useful information from the noise. The proposed model made it possible to monitor computation delays in a specific process under conditions where several processes access memory at the same time and part of the data is served from the processor caches.

In addition, traces have been found of an exploit for the first variant of the Spectre vulnerability (CVE-2017-5753) being used in attacks on Linux systems. The exploit uses the side-channel information leak to locate the superblock in memory, determine the inode of the /etc/shadow file, and compute the address of the memory page in order to retrieve the file from the disk cache.

Source: opennet.ru
