W3C home > Mailing lists > Public > public-fx@w3.org > October to December 2011

Re: Documenting Timing Attacks in Rendering Engines

From: Ralph Thomas <ralpht@gmail.com>
Date: Mon, 12 Dec 2011 12:17:31 -0800
Message-ID: <CAAYQYDRGXsJGxuZR718wKgVDDCDKu-xAH_u=jGnnSjhOG0zbLQ@mail.gmail.com>
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: Adam Barth <w3c@adambarth.com>, Vincent Hardy <vhardy@adobe.com>, "public-fx@w3.org" <public-fx@w3.org>
Can you give me an example of such an effect? I've used secondary
textures for performing look ups, but haven't needed to do anything
with a source-image sample which couldn't have been expressed in a
constant time way.

Another approach might be to transform conditionals so that both
branches are always evaluated and the result is selected after that
(which might require some cooperation from the driver to not compile
it back to a conditional).

Ralph

On Mon, Dec 12, 2011 at 12:06 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
> On Mon, Dec 12, 2011 at 12:00 PM, Ralph Thomas <ralpht@gmail.com> wrote:
>> Do you think that GLSL could be changed to prevent the timing from
>> changing depending on the content? Could the GLSL validator be changed
>> to not allow conditionals dependent on texture samples from the page?
>>
>> That would eliminate various effects, but at least most shaders
>> wouldn't do texture indirections anyway, since it's slow on embedded
>> hardware.
>
> Not without completely neutering the language.  There are many effects
> based on the texture contents.
>
> ~TJ
Received on Monday, 12 December 2011 20:18:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 12 December 2011 20:18:09 GMT