QuiiBz
commented
2 years ago because of Spectre attacks and the likes, they had to harden the V8 isolate security model.
That's true, see their Security Model documentation: https://developers.cloudflare.com/workers/learning/security-model/
An Isolate by itself should be mostly secure, but there are a few important things to keep in mind:
- The added runtime APIs should be minimalist and only provide access to the necessary and allowed resources for a specific deployment (filesystem calls, fetch...)
- Timers must be disabled to prevent side channel timing attacks
- Monitoring of each isolate's resources is mandatory, in order to detect potentially uncommon patterns
- We can separate isolates into multiple processes with restricted access
I'm not an expert on this kind of stuff, but we take security very seriously. Feel free (I'm speaking for anyone reading this) to share your knowledge on this topic, that would be greatly appreciated!
I vaguely remember (I could be wrong) that CF mentioned that, because of Spectre attacks and the likes, they had to harden the V8 isolate security model. What's your take on this?