google / safeside

Understand and mitigate software-observable side-channels
BSD 3-Clause "New" or "Revised" License

Factoring out public and private data. #81

asteinha closed 4 years ago

asteinha commented 4 years ago

Leaving out the Spectre v1 BTB examples for now.

asteinha commented 4 years ago

LGTM

So I noticed there is a trade-off between making this code more reusable and making it easier for someone looking at a single demo to understand it on the first pass. The more we make the code clean and reusable, the more the latter goal is made more difficult. I think it's more important the code be clean and reusable than educational, but I wanted to point this out since another goal of SafeSide is so folks can be educated about these things. Have you or @mmdriley thought about this?

I think one solution which you've all talked about before is to make blog posts with code snippets that can bring all the different parts into one narrative like the early examples were. (Also I think this is lower priority than the work that's already being done, so I'm not pushing on it. Just bringing it up.)

Also maybe y'all disagree. I'd be interested in hearing that too.

Let's talk about it at our meeting today.