
Should I use the plain "bsd" or "bsd.mp" kernel if I need a safer operating system, e.g. against side-channel attacks?

I'm thinking that even 2 physical CPU cores can share something with each other that can be used for a local or remote attack.

https://www.openbsd.org/faq/faq4.html:

    bsd.mp: The multi-processor kernel


Using a kernel that will use only a single physical and logical (hyper-threading) CPU core implicitly protects against attacks which involve multiple CPU cores, i.e. certain types of local side-channel attacks, race conditions etc. But it also drastically reduces the performance on multi-core systems, which makes it more susceptible to attacks where the defense could profit from more performance or parallel execution.

Thus, if you need a "safer" operating system you should evaluate in detail how safe it really needs to be and what kind of attacks are actually relevant. Everything is a trade-off, and if you optimize to protect against some kind of attack which is not relevant for your use case you might inadvertently make yourself more vulnerable to attacks which are actually relevant.

Specifically, if your use case does not involve running potentially untrusted code on the system (like JavaScript from somewhere on the internet running inside the browser), then protecting against local side-channel attacks is probably not relevant, especially if the protection dramatically reduces the performance of the system.

  • 1
    Thanks for the answer, but "i.e. certain types of local side-channel attacks, race conditions etc." is what I cannot find on Google: is this REALLY a thing (possible on any level) or just an urban legend? We know about Intel's hyper-threading security issues for side-channel attacks, but the question is about using one physical core: is it less safe to use more?
    – peterK88
    Commented Jul 8 at 8:10
  • 3
    @peterK88: parallel code always has problems with race conditions when the same memory location is accessed/written from multiple threads at the same time without proper locking. As for side channels: in current architectures multiple physical cores usually share RAM, maybe even some memory cache. If multiple cores access the same memory area at the same time there will be locking at the hardware level, which incurs costs that can be measured. But again, this might or might not be relevant in your specific (unknown) use case.
    Commented Jul 8 at 8:41
  • 3
    @peterK88: see also this paper about cross-core side-channel attacks. "... for using one physical core ...": note that my answer explicitly is about logical cores, not physical cores. A physical core with hyper-threading means multiple logical cores, which in some cases is an even bigger problem than multiple physical cores with no hyper-threading. In any case, whenever there are shared resources between cores there is a potential for side-channel attacks. And the tighter the sharing is, the more likely such attacks are.
    Commented Jul 8 at 8:55
  • With respect to RAM, typically there should be an MMU that manages access to memory by the various cores. MMUs typically provide registers that set which cores can access which pages of memory. If things are properly designed, one core should not be able to access memory used by another core unless the operating system sets the MMU to allow it.
    – user4574
    Commented Jul 8 at 14:21
  • 1
    @SteffenUllrich on a modern OS with preemptive scheduling, race conditions can, and will, happen even if the OS is using only a single logical core. They may be rarer, but nothing says the OS can't preempt the userspace process in a weird spot. Not to mention signals: using a single core does not stop regreSSHion, for example.
    – jaskij
    Commented Jul 10 at 6:31
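The race condition discussed in the comments, as an added example that is not part of the original answer or of OpenBSD's code: several threads increment one shared counter without locking, then again under a pthread mutex. The thread count, iteration count and function names are assumptions of this example. On a multi-core host the unlocked run normally comes out short because load/add/store sequences from different cores interleave; on a single logical core the same loss can still occur whenever the scheduler preempts a thread between its load and its store, which is the point the last comment makes. The mutex-protected run always returns the exact total, so the mitigation is proper locking, not fewer cores.

```c
// Added example (not from the question, the answer or OpenBSD): an unlocked
// shared counter beside its mutex-protected version. Thread and iteration
// counts are arbitrary choices for this demonstration.
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

#define NTHREADS 4
#define ITERS    200000UL

// Shared state. 'volatile' stops the compiler from folding the unlocked loop
// into a single addition, so each increment stays a load/add/store sequence.
static volatile unsigned long counter;
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;

// Racy: another thread (or the same thread after preemption and a context
// switch) can run between the load and the store and its update is lost.
static void *increment_unlocked(void *arg) {
    (void)arg;
    for (unsigned long i = 0; i < ITERS; i++)
        counter++;
    return NULL;
}

// Correct: the mutex makes each read-modify-write exclusive.
static void *increment_locked(void *arg) {
    (void)arg;
    for (unsigned long i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&counter_lock);
        counter++;
        pthread_mutex_unlock(&counter_lock);
    }
    return NULL;
}

// Runs NTHREADS copies of fn against a zeroed counter and returns the result.
static unsigned long run_threads(void *(*fn)(void *)) {
    pthread_t tid[NTHREADS];
    counter = 0;
    for (int i = 0; i < NTHREADS; i++) {
        if (pthread_create(&tid[i], NULL, fn, NULL) != 0) {
            perror("pthread_create");
            exit(EXIT_FAILURE);
        }
    }
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(tid[i], NULL);
    return counter;
}

unsigned long expected_total(void) { return (unsigned long)NTHREADS * ITERS; }
unsigned long count_unlocked(void) { return run_threads(increment_unlocked); }
unsigned long count_locked(void)   { return run_threads(increment_locked); }

int main(void) {
    printf("expected: %lu\n", expected_total());
    printf("unlocked: %lu\n", count_unlocked());  // usually short of expected on multi-core hosts
    printf("locked:   %lu\n", count_locked());    // always equals expected
    return 0;
}
```

Build with `cc -O2 -pthread race_demo.c -o race_demo` and run it a few times: the unlocked result varies from run to run, while the locked result never does. Lost updates can only lower the counter (each store writes back a stale value), so the unlocked total is always at most the expected one.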
