Hi,
If both processes (malware and secured process) are running in the same Linux instance, there will be no additional protection. If you have different, totally separated (*) instances, the attack room is smaller. If the attack vector of the malware is independent of processes, it can still do harm.
Let's construct an example. In 2013 Shamir showed a side channel where a smartphone listening to CPU sounds could reconstruct a GnuPG key from the noises. Take a computer with an attached microphone (or an integrated one, as in a tablet, laptop, ...) and let the malware run in an environment accessing the microphone: a similar scenario can be used directly in the device.
As a thought: you can also use a timer to see how active the generic scheduler of Genode is. With a high-accuracy timer you can see how much time your process takes and therefore recompute how the CPU is utilized.
Best regards, Wolfgang
* You will never have totally separated processes, as you will always have some Genode components which can be seen as a shared resource. You will also not have a bug-free system.
----- Original Message -----
From: "Thotheolh Tay" <twzgerald@...9...>
Sent: 26.07.2015 06:44
To: "genode-main@lists.sourceforge.net" genode-main@lists.sourceforge.net
Subject: Security compartmentalisation
Hi,
I would like some help understanding the below described scenario.
An L4Linux/Genode/Fiasco.OC is used as the secure environment. If malware is executed on a process thread on the L4Linux layer, say to scrape the L4Linux to do memory dumps or to access the filesystem for crypto key files, how will the above setup protect against a malicious process thread? An example being a PGP email crypto program running on a process thread with another process thread infected by malware.
Thanks & Regards, Thoth.