In the first quarter of 2024, I did a short stint as a teacher at Uppsala University. I taught the class “platform-spanning systems” (PSS), which is a fourth-year/masters-level course for engineering and computer science students. It was fun and rewarding to be back at the university, and I probably learnt as much as the my students.
Continue reading “Teaching a Class at Uppsala University”Tag: Javascript
Timing Measurements and Security
There have been quite a few security exploits and covert channels based on timing measurements in recent years. Some examples include Spectre and Meltdown, Etienne Martineau’s technique from Def Con 23, the technique by Maurice et al from NDSS 2017, and attacks on crypto algorithms by observing the timing of execution. There are many more examples, and it is clear that measuring time, in particular in order to tell cache hits and cache misses apart, is a very useful primitive. Thus, it seems to make sense to make it harder for software to measure time, by reducing the precision of or adding jitter to timing sources. But it seems such attempts are rather useless in practice.
[Updated 2018-01-29 with a note on ARC SEM110-120 processors]
Continue reading “Timing Measurements and Security”