Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamp counter is unavailable.
Never ending side channel attacks. Stallman was right, only 100% FOSS gives you control over your device.
And given that a lot of this stuff is relying on timing the only reliable cure is to make everything slow. But no one wants that. Or maybe getting rid of precise timers in userspace. It would be funny if stopwatch precision was bound to screen refresh rate.
That wouldn’t be too bad. There could be a new permission for precise time.
…and there you go:
https://ccs25files.zoolab.org/main/ccsfb/1REOCPAR/3719027.3765061.pdf
https://misc0110.net/files/exfilstate_ccs25.pdf
From https://www.sigsac.org/ccs/CCS2025/accepted-papers/ (#378)
Literally published less than a day ago:
At the same conference (CCS) that the paper referred to by the ars technica article was accepted.
You can implement a counting-thread that’s even more precise than the CPU’s timer (TSC on x86) platforms. This was shown in attacks on Intel SGX, where the rdtsc instruction to access the time-stamp counter is unavailable.
https://link.springer.com/chapter/10.1007/978-3-319-60876-1_1
https://arxiv.org/pdf/1702.08719
If you remove access to the timer, attackers will simply build one.