Ithimba labacwaningi abavela eNyuvesi yase-Illinois lenze indlela entsha yokuhlasela yesiteshi eseceleni elawula ukuvuza kolwazi nge-Ring Interconnect yama-Intel processors. Ukuhlasela kukuvumela ukuthi ugqamise ulwazi lokusetshenziswa kwememori kolunye uhlelo lokusebenza futhi ulandelele ulwazi lwesikhathi sokuchofoza ukhiye. Abacwaningi bashicilele amathuluzi okwenza izilinganiso ezihlobene kanye nokuxhashazwa kwe-prototype okuningana.
Kuhlongozwe ukuxhashazwa okuthathu okuzovumela:
- Buyisa izingcezu ngazinye zokhiye bokubethela lapho usebenzisa ukusetshenziswa kwe-RSA ne-EdDSA okusengozini yokuhlaselwa kwesiteshi esiseceleni (uma ukubambezeleka kwezibalo kuncike emininingwaneni ecutshungulwayo). Isibonelo, ukuvuza kwamabhithi angawodwana ngolwazi olumayelana nevekhtha yokuqalisa (nonce) ye-EdDSA kwanele ukusebenzisa ukuhlasela ukuze ubuyisele wonke ukhiye oyimfihlo ngokulandelana kwawo. Ukuhlasela kunzima ukukusebenzisa ekusebenzeni futhi kungenziwa ngenani elikhulu lokubhuka. Isibonelo, ukusebenza ngempumelelo kuboniswa lapho i-SMT (HyperThreading) ivaliwe futhi inqolobane ye-LLC ihlukaniswa phakathi kwamacores e-CPU.
- Chaza amapharamitha mayelana nokulibaziseka phakathi kwama-keystrokes. Ukubambezeleka kuncike endaweni yokhiye futhi kuvumela, ngokuhlaziywa kwezibalo, ukudala kabusha idatha efakwe kukhibhodi ngamathuba athile (isibonelo, abantu abaningi ngokuvamile bathayipha u-“s” ngemva kuka-“a” ngokushesha kakhulu kuno-“g” ngemva kwalokho. "s").
- Hlela isiteshi sokuxhumana esifihliwe ukuze udlulise idatha phakathi kwezinqubo ngesivinini esingamamegabhithi angu-4 ngesekhondi, esingasebenzisi inkumbulo eyabiwe, inqolobane yokucubungula, nezinsiza eziqondene ne-CPU nezakhiwo zokucubungula. Kuyaphawulwa ukuthi indlela ehlongozwayo yokwakha isiteshi esifihlekile inzima kakhulu ukuvimba ngezindlela ezikhona zokuvikela ekuhlaselweni kwesiteshi esiseceleni.
Lokhu kuxhashazwa akudingi amalungelo aphezulu futhi kungasetshenziswa abasebenzisi abavamile, abangenamalungelo. Kuyaphawuleka ukuthi ukuhlaselwa kungase kulungiswe ukuze kutholakale idatha phakathi kwemishini ebonakalayo, kodwa le nkinga yayingaphezu kobubanzi bocwaningo, futhi ukuhlolwa kwezinhlelo ze-virtualization akwenziwanga. Ikhodi ephakanyisiwe ihlolwe ku-Intel i7-9700 CPU ku- Ubuntu 16.04. Ngokuvamile, indlela yokuhlasela ihlolwe kuma-desktop processors emindenini ye-Intel Coffee Lake kanye ne-Skylake, futhi kungenzeka ukuthi iyasebenza kuma-server processors omndeni we-Xeon Broadwell.
Ubuchwepheshe be-Ring Interconnect buvele kumaphrosesa asekelwe ku-Sandy Bridge microarchitecture futhi iqukethe amabhasi amaningana aboshwe asetshenziselwa ukuxhuma amakhompiyutha nama-graphics cores, ibhuloho leseva kanye nenqolobane. Ingqikithi yendlela yokuhlasela iwukuthi, ngenxa yomkhawulo womkhawulokudonsa webhasi lendandatho, imisebenzi yenkumbulo enqubweni eyodwa ibambezela ukufinyelela kwinkumbulo yenye inqubo. Ngokukhomba imininingwane yokusetshenziswa ngobunjiniyela obuhlehlayo, umhlaseli angakwazi ukukhiqiza umthwalo obangela ukubambezeleka kokufinyelela kumemori kwenye inqubo futhi asebenzise lokhu kubambezeleka njengesiteshi eseceleni ukuze athole ulwazi.
Ukuhlaselwa kwamabhasi e-CPU angaphakathi kuphazanyiswa ukuntula ulwazi mayelana nezakhiwo nezindlela zokusebenza zebhasi, kanye nezinga eliphezulu lomsindo, okwenza kube nzima ukuhlukanisa idatha ewusizo. Kube nokwenzeka ukuqonda imigomo yokusebenza kwebhasi ngokusebenzisa ubunjiniyela obuhlehlayo bemigomo esetshenziswa uma kudluliswa idatha ngebhasi. Imodeli yokuhlukaniswa kwedatha esekelwe ezindleleni zokufunda zomshini yasetshenziswa ukuze kuhlukaniswe ulwazi oluwusizo nomsindo. Imodeli ehlongozwayo yenze kwaba nokwenzeka ukuhlela ukuqapha ukubambezeleka phakathi nezibalo zenqubo ethile, ezimeni lapho izinqubo ezimbalwa ngesikhathi esisodwa zifinyelela kumemori futhi ingxenye ethile yedatha ibuyiswa kusukela kunqolobane yokucubungula.
Ngaphezu kwalokho, kungenzeka ukuqaphela ukutholakala kwezimpawu zokusetshenziswa ngesikhathi sokuhlaselwa kwezinhlelo Linux I-exploit yenguqulo yokuqala ye-Spectre vulnerability (CVE-2017-5753). I-exploit isebenzisa ukuvuza kolwazi lwesiteshi esiseceleni ukuthola i-superblock kwimemori, ukunquma i-inode yefayela le-/etc/shadow, nokubala ikheli lekhasi lememori ukuze kutholakale ifayela kusuka ku-disk cache.
Source: opennet.ru
