Re: Practical Timing Side Channel Attacks on Memory Compression

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Filip Janus <fjanus(at)redhat(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Practical Timing Side Channel Attacks on Memory Compression
Date: 2022-04-06 14:29:01
Message-ID: CA+TgmoZgXvD+U5BPMV+GNOstD=Z7RxA7RH037LSGfW9ybyEdyA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Apr 6, 2022 at 10:14 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> > One last thought: I don't think it's right to suppose that every
> > security vulnerability is the result of some design flaw and every
> > security vulnerability must be patched.
>
> As far as Postgres is concerned, I'm kind of unimpressed by timing-based
> attacks. There are enough layers between a hypothetical attacker and a
> particular algorithm in the backend that it'd be really hard to get any
> reliable numbers. Length-based attacks are more realistic, since e.g.
> we allow you to find out the compressed size of a data value. But as
> you noted, those can be defeated by not storing sensitive data in the
> same place as attacker-controlled data. Or turning off compression,
> but that's largely throwing the baby out with the bathwater. In the
> end I think it's up to the DBA how concerned to be about this and
> what measures she should take to mitigate any risks.

I think that the paper shows that, under the right set of
circumstances, a timing-based attack is possible here. How frequently
those circumstances will arise is debatable, but I don't find it hard
to believe that there are production PostgreSQL clusters out there
against which such an attack could be mounted. I think you're right
when you say that length-based attacks might be practical, and perhaps
some of those might have more to do with PostgreSQL than than this
does, since this is really mostly about the properties of compression
algorithms in general rather than PostgreSQL specifically. I also
completely agree that it's really up to the DBA to decide how worried
to be and what to do about it. I think that the fact that compression
doesn't always run at the same speed or produce an output of the same
size is pretty much intrinsic to the idea of a compression algorithm,
and in a wide variety of circumstances that is absolutely fine and
absolutely desirable. When it permits this kind of attack, it's not,
but then don't use compression, or mitigate the problem some other
way.

--
Robert Haas
EDB: http://www.enterprisedb.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Frédéric Yhuel 2022-04-06 14:48:57 REINDEX blocks virtually any queries but some prepared queries.
Previous Message Tom Lane 2022-04-06 14:14:01 Re: Practical Timing Side Channel Attacks on Memory Compression