Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday May 23 2018, @06:47PM   Printer-friendly
from the your-computer-is-not-a-fast-PDP-11 dept.

Very interesting article at the IEEE ACM by David Chisnall.

In the wake of the recent Meltdown and Spectre vulnerabilities, it's worth spending some time looking at root causes. Both of these vulnerabilities involved processors speculatively executing instructions past some kind of access check and allowing the attacker to observe the results via a side channel. The features that led to these vulnerabilities, along with several others, were added to let C programmers continue to believe they were programming in a low-level language, when this hasn't been the case for decades.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by VLM on Wednesday May 23 2018, @07:43PM (3 children)

    by VLM (445) Subscriber Badge on Wednesday May 23 2018, @07:43PM (#683237)

    C on a PDP-11 is essentially structured assembly language, kinda like IBM mainframes had HAL high level assembler. So you have macro assemblers and the next level of abstraction up is something like C.

    The problem is modern processors have baroque compatibility hardware to emulate stuff from the 70s and unfortunately leaky unpredictable speculative execution units that you can occasionally trick and next thing you know its all meltdown and spectre.

    I guess a good spectre/meltdown SN automobile analogy would be the engine computer in closed loop mode sniffs the exhaust for unburned oxygen and wiggles the fuel injector programming every couple seconds at idle to "perfect" the mixture, and supposedly the algo and source code is all top secret and confidential trade secret but it turns out if you F with meteorological conditions just right while taking very close notes of the computer's behavior, it turns out you can reverse engineer all this private secret stuff even though casually and simplistically its supposedly impossible to crack the engine computer code. In a simplistic way, yeah, 10 seconds of watching a car idle won't give me the complete algo parameters to its engine computer, but let someone F with it for enough hours and they'll have all the data dumped and neatly formatted in a report.

    Its in the same spirit as hacking a crypto implementation in a CPU by high res monitoring the hell out of its current draw as it executes the algo and unless the algo implementor is really careful the current consumption "noise" is leaking out all kinds of secret data, sorta TEMPEST-like. There's a similar timing attack on some poorly implemented crypto. Isn't crypto a huge PITA to get really really correct, not leaking time or power information?

    And rolling it even further back to the 60s, people noticed you could hear AM radio interference change based on code execution which is funny if you're trying to execute rando code to play "daisy" music using your $10M minicomputer but its not so funny when people realized you could listen to crypto routines.

    Spectre/meltdown is in some ways VERY old going back to the oldest days of computing.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 4, Interesting) by Dr Spin on Wednesday May 23 2018, @07:48PM (2 children)

    by Dr Spin (5239) on Wednesday May 23 2018, @07:48PM (#683239)

    C on a PDP-11 is essentially structured assembly language

    True, but the funny bit is that the PDP11 was designed to be a hardware Fortran machine!!!

    --
    Warning: Opening your mouth may invalidate your brain!
    • (Score: 5, Informative) by mechanicjay on Wednesday May 23 2018, @08:57PM

      Gonna need a source for that claim, because it doesn't ring true to me.

      --
      My VMS box beat up your Windows box.
    • (Score: 1, Interesting) by Anonymous Coward on Wednesday May 23 2018, @09:30PM

      by Anonymous Coward on Wednesday May 23 2018, @09:30PM (#683289)

      Are you sure you haven't confused it with the Burroughs B1700?