Multi-core Security

A question from a distinguished colleague of mine:

Q: Some security group is claiming that locking apps down to a single cpu is more secure that multi-threaded apps.  Is there any basis in fact that I don’t know of or is this as ridiculous as I think it is? – Distinguished Dude

A: It is called Side Channel Attacks…thus far its only a theory that has no known in the wild exploit

In light of the potential for information to be leaked across con- text switches, especially via the L2 and larger cache(s), we also recom- mend that operating systems provide some mechanism for processes to request special “secure” treatment, which would include flushing all caches upon a context switch. It is not immediately clear whether it is possible to use the occupancy of the cache across context switches as a side channel, but if an unprivileged user can cause his code to pre-empt a cryptographic operation (e.g., by operating with a higher scheduling priority and being repeatedly woken up by another process), then there is certainly a strong possibility of a side channel

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109

The idea is that if you don’t clear your threads then you could leave it open to be snooped. The issue with this idea though is that Hyperthreading is by nature a single CPU issue. Single CPU isn’t the problem in as far as threads are the issue. The problem is the ability for CPU to utilize multicores. Multicore does have security issues. Locking a process to a single core still doesn’t help as the memory bus is still shared in the architecture. In order to truly be secure you must use Selinux to lock down the memory, address space, CPU cycles, and FACL

Nick

Updated: