Gulu la ofufuza ochokera ku yunivesite ya Illinois apanga njira yatsopano yowukira njira yomwe imayendetsa kutayikira kwa chidziwitso kudzera mu Ring Interconnect ya Intel processors. Kuwukiraku kumakupatsani mwayi wowunikira zambiri zogwiritsa ntchito kukumbukira mu pulogalamu ina ndikutsata zidziwitso zanthawi ya keystroke. Ofufuzawo adasindikiza zida zochitira miyeso yofananira ndi ma prototype angapo.
Zochita zitatu zaperekedwa kuti zitheke:
- Bwezerani makiyi achinsinsi mukamagwiritsa ntchito RSA ndi EdDSA zomwe zili pachiwopsezo chowukiridwa ndi njira (ngati kuchedwa kwa ma computing kumadalira zomwe zasinthidwa). Mwachitsanzo, kutayikira kwa ma bits omwe ali ndi chidziwitso choyambira (nonce) cha EdDSA ndikokwanira kugwiritsa ntchito kuwukira kuti mubwezeretse kiyi yonse yachinsinsi motsatana. Kuwukirako ndi kovuta kukhazikitsa muzochita ndipo kumatha kuchitidwa ndi kuchuluka kwa kusungitsa. Mwachitsanzo, ntchito yabwino imawonetsedwa SMT (HyperThreading) ikayimitsidwa ndipo cache ya LLC yagawika pakati pa ma CPU cores.
- Tanthauzirani magawo okhudza kuchedwa pakati pa makiyi. Kuchedwerako kumadalira momwe makiyi alili ndikulola, kupyolera mu kusanthula ziwerengero, kukonzanso deta yomwe yalowetsedwa kuchokera pa kiyibodi ndi chotheka china (mwachitsanzo, anthu ambiri amalemba "s" pambuyo pa "a" mofulumira kuposa "g" pambuyo pake. "s").
- Konzani njira yolumikizirana yobisika kuti isamutsire deta pakati pa njira pa liwiro la pafupifupi 4 megabits pamphindikati, yomwe sigwiritsa ntchito kukumbukira komwe mudagawana, posungira purosesa, ndi zida za CPU core ndi mapurosesa. Zikudziwika kuti njira yopangira njira yobisalira ndiyovuta kwambiri kutsekereza ndi njira zomwe zilipo kale zodzitetezera motsutsana ndi zida zam'mbali.
Zochita zambiri sizifuna mwayi wapamwamba ndipo zitha kugwiritsidwa ntchito ndi ogwiritsa ntchito wamba, opanda mwayi. Zimadziwika kuti kuukiraku kungathe kusinthidwa kuti akonze kutayikira kwa data pakati pa makina enieni, koma nkhaniyi inali yoposa kukula kwa phunzirolo ndipo kuyesa machitidwe a virtualization sikunachitike. Khodiyo idayesedwa pa Intel i7-9700 CPU ku Ubuntu 16.04. Nthawi zambiri, njira yowukirayi yayesedwa pa ma processor apakompyuta kuchokera ku Intel Coffee Lake ndi banja la Skylake, ndipo imagwiranso ntchito kwa ma processor a seva a Xeon ochokera kubanja la Broadwell.
Ukadaulo wa Ring Interconnect udawonekera mu mapurosesa otengera Sandy Bridge yaying'ono ndipo imakhala ndi mabasi angapo ozungulira omwe amagwiritsidwa ntchito kulumikiza ma kompyuta ndi ma graphics cores, mlatho wa seva ndi cache. Chofunikira cha njira yowukira ndikuti, chifukwa cha kuchepa kwa bandwidth mabasi a mphete, ntchito zokumbukira munjira imodzi zimachedwetsa kukumbukira njira ina. Pozindikira tsatanetsatane wogwirizira pogwiritsa ntchito uinjiniya wosinthira, wowukira atha kupanga katundu womwe umayambitsa kuchedwa kwa kukumbukira munjira ina ndikugwiritsa ntchito kuchedwa uku ngati njira yakumbali kuti apeze zambiri.
Kuwukira kwa mabasi amkati a CPU kumalephereka chifukwa chosowa chidziwitso chokhudza mamangidwe ndi njira zogwirira ntchito za basi, komanso phokoso lalikulu, zomwe zimapangitsa kuti zikhale zovuta kupatula deta yothandiza. Zinali zotheka kumvetsetsa mfundo zoyendetsera mabasi pogwiritsa ntchito uinjiniya wosinthika wa ma protocol omwe amagwiritsidwa ntchito potumiza deta kudzera m'basi. Njira yogawa deta yotengera njira zophunzirira makina idagwiritsidwa ntchito kulekanitsa mfundo zothandiza ndi phokoso. Mtundu womwe waperekedwawo udapangitsa kuti zitheke kukonza kuwunika kwa kuchedwa pakuwerengera munjira inayake, munthawi yomwe njira zingapo nthawi imodzi zimafikira kukumbukira ndipo gawo lina la data limabwezeretsedwa kuchokera ku ma processor cache.
Kuphatikiza apo, titha kuzindikira kuzindikirika kwa kugwiritsiridwa ntchito kwa kugwiritsidwa ntchito kwa mtundu woyamba wa Specter vulnerability (CVE-2017-5753) pakuwukira kwa makina a Linux. Kugwiritsa ntchito kumagwiritsa ntchito kutayikira kwa chidziwitso cham'mbali kuti mupeze block block, kudziwa mtundu wa fayilo ya /etc/shadow, ndikuwerengera adilesi yatsamba la kukumbukira kuti mutengenso fayiloyo ku cache ya disk.
Source: opennet.ru