From 352095ca865a4ff4478838a80ca5a678d8899634 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Oct 2023 19:56:22 +0200 Subject: [PATCH] Simplify the relaxed output-output rule Signed-off-by: Gilles Peskine --- docs/architecture/psa-shared-memory.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md index 61d37dbff1..e71eed405b 100644 --- a/docs/architecture/psa-shared-memory.md +++ b/docs/architecture/psa-shared-memory.md @@ -91,7 +91,8 @@ The following rules guarantee that shared memory cannot result in a security vio * Never read the same input twice at the same index. * Never read back from an output. -* Once potentially confidential data has been written to an output, it may not be overwritten. (This rule is more complex to allow writing non-confidential data first, for example to pre-initialize an output to zero for robustness.) +* Never write to the output twice at the same index. + * This rule can usefully be relaxed in many circumstances. It is ok to write data that is independent of the inputs (and not otherwise confidential), then overwrite it. For example, it is ok to zero the output buffer before starting to process the input. These rules are very difficult to enforce.
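Review bot: the relaxation in the new sub-bullet is stated in terms of "data that is independent of the inputs", but the property that actually matters for the shared-memory threat is that the first write must not depend on anything confidential, which includes keys and internal state that are not "inputs" of the call; the parenthetical "(and not otherwise confidential)" covers this, but it would be clearer to lead with it, e.g. "It is ok to first write data that does not depend on any input or on any confidential value (for example, a constant), then overwrite it." Two smaller points in the same hunk: "Never write to the output twice" should read "an output", since the surrounding rules already speak of inputs and outputs in the plural, and "in many circumstances" adds nothing once the condition itself is stated, so it can be dropped. The restructuring into a strict rule plus an explicit relaxation is an improvement over the removed line, which mixed the rule and its exception in one sentence.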