Chris's Wiki :: blog/tech/SMTSecurityUncertainty Commentshttps://utcc.utoronto.ca/~cks/space/blog/tech/SMTSecurityUncertainty?atomcommentsDWiki2021-11-13T14:20:21ZRecent comments in Chris's Wiki :: blog/tech/SMTSecurityUncertainty.By Walex on /blog/tech/SMTSecurityUncertaintytag:CSpace:blog/tech/SMTSecurityUncertainty:a80b2f2d7274a32858e52238fa620fa5e59417e9Walex<div class="wikitext"><p>«<em>If you operate servers in a strongly hostile environment</em>»</p>
<p>Write-down and side-channels have been known issues for many decades (well before the Orange Book, 1983) and I think that they cannot be solved cheaply, As to "strongly hostile environment" sites, that is not universities and not "cloud" providers, I suspect run gapped systems for every security level or compartment, so might as well not worry about side channels (yes "only the paranoid survive", though).</p>
<p>«<em>we could probably enable SMT without getting a security breach as a result</em>»</p>
<p>Depends on which “<em>security breach</em>”. Side channels usually allow write-down or read-up, that is information leakage, but usually do not allow write-up directly, that is privilege escalation. If someone is storing credentials that allow privilege escalation unencrypted in memory on shared computers with side-channels (never mind "giant backdoor" VM hosts) they deserve what they get :-).</p>
</div>2021-11-13T14:20:21ZBy Verisimilitude on /blog/tech/SMTSecurityUncertaintytag:CSpace:blog/tech/SMTSecurityUncertainty:76ea9f81f13dea427afb5d59c5dbcb5ff5616d38Verisimilitudehttp://verisimilitudes.net<div class="wikitext"><p>The entire mess is suitably interesting.</p>
<p>It's obvious to me that secure computation should happen at a higher level. Consider an expression reducer entirely divorced from the ability to determine time, representation provenance, and other such things; it's clearly safe to run such a program without worries. People could argue it would be too inefficient, but it's not as if most programs properly use the resources afforded to them anyway.</p>
<p>Perhaps I should write about this on my website at some point.</p>
</div>2021-11-13T00:41:09Z