Iqela labaphandi abavela kwiDyunivesithi yase-Illinois lenze indlela entsha yohlaselo lwetshaneli esecaleni elawula ukuvuza kolwazi ngeRingi Unxibelelwano lwe-Intel processors. Uhlaselo lukuvumela ukuba uqaqambise ulwazi lokusetyenziswa kwememori kwesinye isicelo kwaye ulandelele ulwazi lwexesha le-keystroke. Abaphandi bapapashe izixhobo zokwenza imilinganiselo ehambelanayo kunye nezenzo ezininzi zeprototype.
Kucetyiwe izinto ezintathu eziza kuvumela:
- Fumana kwakhona amasuntswana amaqhosha oguqulelo oluntsonkothileyo xa usebenzisa uphumezo lweRSA kunye ne-EdDSA olusesichengeni sohlaselo olusecaleni kwendlela (ukuba ukulibaziseka kobalo kuxhomekeke kulwazi olusetyenzwayo). Umzekelo, ukuvuza kweebhithi zomntu ngamnye ngolwazi malunga nevector yokuqalisa (nonce) ye-EdDSA kwanele ukusebenzisa uhlaselo ukubuyisela ngokulandelelana iqhosha labucala lonke. Ukuhlaselwa kunzima ukuphumeza ekusebenzeni kwaye kunokwenziwa ngenani elikhulu logcino. Umzekelo, umsebenzi oyimpumelelo uboniswa xa i-SMT (HyperThreading) ivaliwe kwaye i-cache ye-LLC yahlulwe phakathi kwe-CPU cores.
- Chaza iparameters malunga nokulibaziseka phakathi kwezitshixo. Ulibaziseko luxhomekeke kwindawo yezitshixo kwaye uvumele, ngohlalutyo lwamanani, ukwenza kwakhona idatha efakwe kwibhodibhodi ngokunokwenzeka okuthile (umzekelo, abantu abaninzi badla ngokuchwetheza "s" emva "a" ngokukhawuleza kuno "g" emva koko. "s").
- Lungiselela ijelo lonxibelelwano elifihliweyo ukudlulisa idatha phakathi kweenkqubo ngesantya malunga ne-4 megabits ngesekhondi, engasebenzisi imemori ekwabelwana ngayo, i-cache yeprosesa, kunye nezixhobo ezingundoqo ze-CPU kunye nezakhiwo zeprosesa. Kuphawulwe ukuba indlela ecetywayo yokudala ishaneli efihlakeleyo inzima kakhulu ukuyivimba ngeendlela ezikhoyo zokukhusela ekuhlaselweni kwecala.
Ukuxhaphaza akufuni amalungelo aphakamileyo kwaye anokusetyenziswa ngabasebenzisi abaqhelekileyo, abangenalo ilungelo. Kuyaphawulwa ukuba uhlaselo lunokuthi luhlengahlengiswe ukuze luququzelele ukuvuza kwedatha phakathi koomatshini obubonakalayo, kodwa lo mbandela wawungaphaya kobubanzi bokufunda kunye nokuvavanywa kweenkqubo zokubonwayo akuzange kwenziwe. Ikhowudi ecetywayo yavavanywa kwi-Intel i7-9700 CPU kwi-Ubuntu 16.04. Ngokubanzi, indlela yohlaselo ivavanyiwe kwiiprosesa zedesktop ezivela kwi-Intel Coffee Lake kunye nosapho lweSkylake, kwaye iyasebenza nakwi-Xeon server processors ukusuka kusapho lwe-Broadwell.
Itekhnoloji ye-Ring Interconnect yavela kwiiprosesa ezisekwe kwiSandy Bridge microarchitecture kwaye iqulathe iibhasi ezininzi ezijijekileyo ezisetyenziselwa ukudibanisa iikhora zekhompuyutha kunye nemizobo, ibhulorho yeseva kunye necache. Ingundoqo yendlela yokuhlaselwa kukuba, ngenxa yokunciphisa i-bandwidth yebhasi yebhasi, imisebenzi yememori kwinkqubo enye ilibazisa ukufikelela kwimemori yenye inkqubo. Ngokuchonga iinkcukacha zokuphunyezwa ngobunjineli obubuyisela umva, umhlaseli unokuvelisa umthwalo obangela ukulibaziseka kokufikelela kwimemori kwenye inkqubo kwaye asebenzise oku kulibaziseka njengejelo lecala lokufumana ulwazi.
Ukuhlaselwa kweebhasi ze-CPU zangaphakathi ziphazamiseka kukungabikho kolwazi malunga nezakhiwo kunye neendlela zokusebenza zebhasi, kunye neqondo eliphezulu lengxolo, okwenza kube nzima ukwahlula idatha eluncedo. Kwakunokwenzeka ukuqonda imigaqo yokusebenza yebhasi ngokusebenzisa ubunjineli obubuyela umva kwiiprothokholi ezisetyenziswayo xa kuhanjiswa idatha ngebhasi. Imodeli yokuhlelwa kwedatha esekelwe kwiindlela zokufunda zoomatshini yasetyenziselwa ukwahlula ulwazi oluluncedo kwingxolo. Imodeli ecetywayo yenze ukuba kube lula ukuququzelela ukubeka iliso kokulibaziseka ngexesha lokubala kwinkqubo ethile, kwiimeko apho iinkqubo ezininzi ngaxeshanye zifikelela kwimemori kwaye inxalenye ethile yedatha ibuyiswa kwi-cache yeprosesa.
Ukongezelela, sinokuqaphela ukuchongwa kweempawu zokusetyenziswa kwe-exploit yokwahluka kokuqala kweSpecter vulnerability (CVE-2017-5753) ngexesha lokuhlaselwa kweenkqubo zeLinux. I-exploit isebenzisa ukuvuza kolwazi lwecala lesiteshi ukufumana i-superblock kwimemori, misela i-inode yefayile /etc/shadow, kwaye ubale idilesi yephepha lememori ukubuyisela ifayile kwi-cache yediski.
umthombo: opennet.ru
