AW: Security compartmentalisation

[Wolfgang Schmidt]

Hi,
If both processes (malware and secured process) are running in same linux instance there will ne no additional protection. If You habe different, totally seperated (*) instances, the attack room is smaller. If the attack vector of the malware is independend of processes it still can so harm. Lets construct an example. 2013 Shamir showed a Side Chanel where a Smartphone listening to CPU sounds could reconstruct a GnuPG key by noices. Take a Computer with attached microphone ( or integrated like tablet, Laptop, ...) and let the malware be running in an environment accessing the microphone a similiar scenario can be used directly in the device. As a thought: You can also use a timer to see how active the generic scheduler of genode is. With a high accuracy timer you can see how mich time your process takes and therefore recompute how the cpu is utilized. 

Best regards
Wolfgang

* you will never have totally separated processes as you will always have some genode components which can be seen as shared ressource. You will also not have a bug free system. 

----- Ursprüngliche Nachricht -----
Von: "Thotheolh Tay" <twzgerald at ...9...>
Gesendet: ‎26.‎07.‎2015 06:44
An: "genode-main at lists.sourceforge.net" <genode-main at lists.sourceforge.net>
Betreff: Security compartmentalisation

Hi,

I would like some help understanding the below described scenario.

An L4Linux/Genode/Fiasco.OC is used as the secure environment. If a malware
is executed on a process thread on the L4Linux layer, say to scrape the
L4Linux to do memory dumps or to access the filesystem for crypto key
files, how will the above setup protect against a malicious process thread
? An example being a PGP email crypto program running on a process thread
with another process thread infected by a malware.

Thanks & Regards,
Thoth.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20150726/20151c1b/attachment.html>