From: | Greg Stark <stark(at)mit(dot)edu> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Filip Janus <fjanus(at)redhat(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Practical Timing Side Channel Attacks on Memory Compression |
Date: | 2022-04-06 15:23:37 |
Message-ID: | CAM-w4HOgtti8-X2J92ZjBZO7bhPTm0uuG=gfaLkvGhA_qybg6w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, 6 Apr 2022 at 10:29, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> I think that the paper shows that, under the right set of
> circumstances, a timing-based attack is possible here.
Generally any argument that an attack is infeasible is risky and
usually leads to security professionals showing that surprisingly
difficult attacks are entirely feasible.
However I think the opposite argument is actually much more
compelling. There are *so many* timing attacks on a general purpose
computing platform like Postgres that any defense to them can't
concentrate on just one code path and has to take a more comprehensive
approach.
So for example a front-end can add some stochastic latency or perhaps
padd latency to fixed amount.
Perhaps postgres could offer some protection at that level by e.g.
offering a function to do it. For most users I think they're better
off implementing it at the application level but some people use
database stored functions as their application level so it might be
useful for them.
Something like pg_sleep_until_multiple_of('50ms') which looks at the
transaction start time and calculates the amount of time to sleep
automatically.
--
greg
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2022-04-06 15:33:37 | Re: SQL/JSON: JSON_TABLE |
Previous Message | Robert Haas | 2022-04-06 15:22:54 | Re: [PATCH] pg_stat_toast |