
    This is the paper I sent people when Invisible Things claimed to discover SMM problems. It already listed that as a potential problem needing security evaluation. Readers might find a lack of specifics to justify not worrying until an attack was shown later in detail. In high-assurance security philosophy, everything is insecure until proven otherwise through rigorous analysis, since empirical evidence shows that's necessary in machines designed to share instead of separate. So, the second you see it, you choose to accept the unknown risk or deal with it somehow. Many, myself included, dodged x86 processors in favor of simpler ones where possible.

    Likewise, Hu (1992) and this report (1995) listed caches as sources of timing channels, with Hu designing a mitigation in 1990-1992. The mitigation may or may not work, but the problem was known, with Karger's VAX VMM work widely read in the INFOSEC field. VAX Secure VMM at least attempted to mitigate it before it was cancelled for marketing reasons. Security folks that didn't do their research were reporting on other forums that it was discovered in 2005, rather than that they had just ignored the security standards and prior work like usual.

    For comparison purposes, the other one I submitted recently does a systematic analysis of modern processors:

    https://eprint.iacr.org/2016/613.pdf