Security compartmentalisation

Thotheolh Tay twzgerald at ...9...
Sun Jul 26 11:08:08 CEST 2015


Hi,

Thanks for the detailed replies. From the inputs you guys gave, the
instances must be sandboxed by running them as different instances.

I have successfully compiled L4Linux/Fiasco.OC and got the ISO running on
bare metal. If I want to achieve the isolation of programs in different
L4Linux instances, are there any options to execute from the bare-metal
L4Linux/Fiasco.OC to spawn multiple instances at the same time and
switch between them?

An example is to run a crypto server on one L4Linux instance that has
access to sensitive key material while exposing e.g. port 11111 on the
loopback network, so that instance #2 will only be able to call instance #1
for crypto, to protect against malware accessing memory spaces
and sensitive files within a particular instance?

Thanks & Regards,
Thoth.
On 26 Jul 2015 14:30, "Wolfgang Schmidt" <w_schmidt at ...181...> wrote:

> Hi,
> If both processes (malware and secured process) are running in the same Linux
> instance there will be no additional protection. If you have different,
> totally separated (*) instances, the attack room is smaller. If the attack
> vector of the malware is independent of processes it can still do harm.
> Let's construct an example. In 2013 Shamir showed a side channel where a
> smartphone listening to CPU sounds could reconstruct a GnuPG key from the noises.
> Take a computer with an attached microphone (or integrated, like a tablet,
> laptop, ...) and let the malware be running in an environment accessing the
> microphone; a similar scenario can be used directly on the device. As a
> thought: you can also use a timer to see how active the generic scheduler
> of Genode is. With a high-accuracy timer you can see how much time your
> process takes and therefore recompute how the CPU is utilized.
>
> Best regards
> Wolfgang
>
> * you will never have totally separated processes as you will always have
> some Genode components which can be seen as a shared resource. You will also
> not have a bug-free system.
> ------------------------------
> From: Thotheolh Tay <twzgerald at ...9...>
> Sent: 26.07.2015 06:44
> To: genode-main at lists.sourceforge.net
> Subject: Security compartmentalisation
>
> Hi,
>
> I would like some help understanding the below described scenario.
>
> An L4Linux/Genode/Fiasco.OC is used as the secure environment. If
> malware is executed on a process thread on the L4Linux layer, say to scrape
> the L4Linux to do memory dumps or to access the filesystem for crypto key
> files, how will the above setup protect against a malicious process thread?
> An example being a PGP email crypto program running on a process thread
> with another process thread infected by malware.
>
> Thanks & Regards,
> Thoth.
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> genode-main mailing list
> genode-main at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
>
>
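The crypto-server arrangement Thoth sketches above (key material confined to one instance, a narrow request/response interface on loopback port 11111 for the other instance) can be shown as a protocol, independent of L4Linux. The following is an added example written for this page, not code from the thread or from the Genode/L4Linux projects: it assumes HMAC-SHA256 as the stand-in crypto operation, a constructed demo key, and a line-oriented text protocol with only SIGN and VERIFY verbs. The point it makes is that the client side never handles the key, and the server rejects anything outside the two verbs, so a compromised client instance can at most ask for MACs.

```python
"""Minimal 'crypto server' pattern: the key lives only in the server
process; clients reach it over a narrow, line-oriented protocol on the
loopback interface and never receive the key itself.  Added example,
not code from the genode-main thread."""
import hashlib
import hmac
import socket
import socketserver
import threading

# Constructed demo key (assumption): in the deployment described in the
# thread this would be a file visible only to the server's L4Linux instance.
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MAX_LINE = 4096  # refuse to buffer oversized requests


def handle_request(key: bytes, line: str) -> str:
    """Process one protocol line. Only SIGN and VERIFY are accepted; the
    key never appears in any response, malformed input yields ERR."""
    parts = line.strip().split()
    if not parts:
        return "ERR empty"
    verb, args = parts[0].upper(), parts[1:]
    try:
        if verb == "SIGN" and len(args) == 1:
            msg = bytes.fromhex(args[0])
            return "OK " + hmac.new(key, msg, hashlib.sha256).hexdigest()
        if verb == "VERIFY" and len(args) == 2:
            msg = bytes.fromhex(args[0])
            expected = hmac.new(key, msg, hashlib.sha256).digest()
            # compare_digest keeps the tag comparison constant-time
            ok = hmac.compare_digest(expected, bytes.fromhex(args[1]))
            return "OK valid" if ok else "OK invalid"
    except ValueError:
        return "ERR bad hex"
    return "ERR unknown request"


class CryptoHandler(socketserver.StreamRequestHandler):
    def handle(self):
        line = self.rfile.readline(MAX_LINE).decode("ascii", "replace")
        reply = handle_request(self.server.key, line) + "\n"
        self.wfile.write(reply.encode("ascii"))


class CryptoServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, addr, key):
        super().__init__(addr, CryptoHandler)
        self.key = key  # the only place the key is held


def start_server(key: bytes, host: str = "127.0.0.1", port: int = 0) -> CryptoServer:
    """Bind to loopback only (port 0 = ephemeral) and serve in a thread."""
    srv = CryptoServer((host, port), key)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def client_request(host: str, port: int, line: str) -> str:
    """What instance #2 does: open a socket, send one line, read one line."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall((line + "\n").encode("ascii"))
        return s.makefile("r").readline().strip()


def roundtrip_demo(port: int = 0):
    """Sign 'Hello', verify the returned tag, and try a forbidden verb."""
    srv = start_server(DEMO_KEY, port=port)
    try:
        host, p = srv.server_address[:2]
        signed = client_request(host, p, "SIGN 48656c6c6f")   # "Hello"
        tag = signed.split()[1]
        verified = client_request(host, p, "VERIFY 48656c6c6f " + tag)
        refused = client_request(host, p, "DUMPKEY")
        return signed, verified, refused
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    # Port 11111 as in the thread; any free port works for the demo.
    print(roundtrip_demo(11111))
```

Binding to 127.0.0.1 only matters when both instances share a loopback interface, as in the setup described; it does nothing about the side channels Wolfgang raises (acoustic, scheduler timing), which cross the instance boundary regardless of how narrow the socket API is.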