17 Dec
2003
17 Dec
'03
11:17 p.m.
Matt Blaze writes:
The trivial way to handle this is simply to check user time with the right system calls and make sure it always comes out the same with an apropriate number of sleeps.
Of course, this works against a remote adversary, but not against one on the same machine who can look at actual CPU consumption (which doesn't increase when the target is blocked).
True enough, but using busy loops could handle that. However, I must admit to being far more interested in handling the remote case efficiently, especially given concerns people have about using Photuris like systems on heavily pounded servers. Perry