Computation that needs to be "secure" is everywhere in practice

November 25, 2021

In a comment on my entry on the security or lack of it of simultaneous multithreading on modern x86 CPUs, Verisimilitude said in (small) part:

It's obvious to me that secure computation should happen at a higher level. [...]

This is a very tempting idea in theory, but I think it has a problem in practice, namely that such secure computation is likely to be everywhere in the modern world. At least, it's everywhere once you start including confidentiality in your criteria for being secure and security sensitive computation.

The problem is that we have wound up with a lot of things on our devices that we want to keep confidential, or in another perspective we've wound up in a world where a lot of untrusted things have an inordinate amount of access to our devices. Cryptographic keys are the tip of the iceberg; there are also access tokens in the form of cookies, JWTs, and all of the other forms they take, URLs that we visit, apps that we use, what we type on the keyboard, and on and on and on. We are barely keeping up with identifying what's sensitive and needs to be kept confidential, never mind actually controlling snooping on it.

(In addition the days when we could trust all of the software running on our devices to always be acting in our interests are long gone, if they even existed in the first place. This is most visible on phones and tablets; more conventional operating systems are sort of living in necessary denial.)

Since there are so many sensitive things and so many things that might be snooping on them, changing how either side of that works in any significant way would not be a small change. That means that in practice it can't really be done. No one is going to blow up the world to get secure computing.

(Blowing up the world to build your own secure version has been tried by some organizations with very large budgets, for example inside the US government. The general view is that they've failed; their systems have fallen down on functionality, usability, and quite possibly security as well.)

Written on 25 November 2021.
« I wish systemd logged information about the source of "transactions"
Why region based memory allocation help with fragmentation »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Nov 25 01:00:29 2021
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.