By: Michael S (already5chosen.delete@this.yahoo.com), June 30, 2022 2:17 pm
Room: Moderated Discussions
Groo (charlie.delete@this.semiaccurate.com) on June 30, 2022 12:56 pm wrote:
> ⚛ (0xe2.0x9a.0x9b.delete@this.gmail.com) on June 30, 2022 12:08 am wrote:
>
> > It is possible to achieve program safety of any complexity purely in software, without any special hardware
> > support for the safety guaranties, in the design of a secure operating system. Thus, from a theoretical
> > viewpoint, it is completely unnecessary to implement any kind of security feature directly in hardware
> > (hardware support for capabilities ... or even hardware support for virtual memory protection).
> >
> > The article's claim that "linear address space as a concept is unsafe at any speed" is false, because
> > theory guarantees that there always exists a particular minimum "speed" (i.e: minimum cost, minimum
> > slowdown) upwards of which the concept of a linear address
> > space can be used to implement a safety guarantee
> > of any particular complexity, via mechanisms implemented purely in software. Obviously, the minimum
> > "speed" (i.e: cost, slowdown) depends on the complexity/definition of the safety features.
> >
>
> Can you clarify something for me? When you say that safety is achievable purely in software, do you assume
> that the entire software stack is controlled by a friendly party, IE the owner? If not, does your supposition
> hold for someone running an intentionally malicious program on top of your fortress of security?
>
Poul-Henning Kamp actually mentioned one such example (IBM i) in the article without realizing that it's actually a counter-example to his claim.
> The second bit is about side channels. Does your correct software ideal take into account misusing correct
> and non-flawed behavior in the ways of modern side channel attacks? If you have a rock solid software stack
> and someone can pull the encryption keys to the disk with a side channel, is it still 'safe'?
>
Side channels are sexy.
But they a hardly a major threat for 99% of us.
To hard to launch for attacker, to many easier ways are readily available.
> I am not saying you are wrong, just wondering if you took these and related scenarios into account when you
> claimed things could be solved in software. For the record, my view is that things can be made 'secure' at most
> levels against known attack vectors but currently unknown or unexpected vectors are a different issue.
>
> -Charlie
>
> ⚛ (0xe2.0x9a.0x9b.delete@this.gmail.com) on June 30, 2022 12:08 am wrote:
>
> > It is possible to achieve program safety of any complexity purely in software, without any special hardware
> > support for the safety guaranties, in the design of a secure operating system. Thus, from a theoretical
> > viewpoint, it is completely unnecessary to implement any kind of security feature directly in hardware
> > (hardware support for capabilities ... or even hardware support for virtual memory protection).
> >
> > The article's claim that "linear address space as a concept is unsafe at any speed" is false, because
> > theory guarantees that there always exists a particular minimum "speed" (i.e: minimum cost, minimum
> > slowdown) upwards of which the concept of a linear address
> > space can be used to implement a safety guarantee
> > of any particular complexity, via mechanisms implemented purely in software. Obviously, the minimum
> > "speed" (i.e: cost, slowdown) depends on the complexity/definition of the safety features.
> >
>
> Can you clarify something for me? When you say that safety is achievable purely in software, do you assume
> that the entire software stack is controlled by a friendly party, IE the owner? If not, does your supposition
> hold for someone running an intentionally malicious program on top of your fortress of security?
>
Poul-Henning Kamp actually mentioned one such example (IBM i) in the article without realizing that it's actually a counter-example to his claim.
> The second bit is about side channels. Does your correct software ideal take into account misusing correct
> and non-flawed behavior in the ways of modern side channel attacks? If you have a rock solid software stack
> and someone can pull the encryption keys to the disk with a side channel, is it still 'safe'?
>
Side channels are sexy.
But they a hardly a major threat for 99% of us.
To hard to launch for attacker, to many easier ways are readily available.
> I am not saying you are wrong, just wondering if you took these and related scenarios into account when you
> claimed things could be solved in software. For the record, my view is that things can be made 'secure' at most
> levels against known attack vectors but currently unknown or unexpected vectors are a different issue.
>
> -Charlie
>