Memory and Address Protection Covert Channels

Presentation transcript:

Memory and Address Protection; Covert Channels
CSCI283 Fall 2005 GWU
Draws extensively from Memon's notes, Brooklyn Poly, and the Pfleeger text, Chapters 3 and 4

CS283/Fall05/GWU/Vora/Various
Memory protection
Protecting one program's memory from another. Use boundaries in the memory:
- Fence: fixed, and with a fence register
- Relocation
- Base and bounds registers
- Tagged architecture
- Segmentation
- Paging
11/22/2018 CS283/Fall05/GWU/Vora/Various

Boundaries
(Figure: memory layouts showing the OS region, program spaces for users A and B, and a data space for user C, separated by boundaries.)

Problems with boundaries
- They only differentiate between two types of access. Any finer differentiation must be expressed in the machine-language instructions themselves.
- They only protect contiguous bytes.
- What do you do when you want to protect some of the bytes, from some of the entities, at specific times (e.g. only the first time and not again)?

Tagged Architecture
- Not very common.
- Tag each word of machine memory, specifying its access rights.
- Hasn't taken off because it requires the OS to check the access rights of each byte.
- Example: the Intel i960 used one bit of each word to denote that word as a "capability" (or not). The other bits then represented the access rights to the following memory bytes.

Segmentation
- Tag certain segments of a program: array data, the code for a single procedure, a collection of local data values used by a module.
- A segment has a name, and the OS creates a segment table with the segment name and its beginning address in memory.
- Each item within a segment is addressed as <name, offset>, where offset is the offset from the beginning of the segment.
- Every address reference passes through the OS.
- Processes have certain types of access to certain segments at certain times.

Problems with segmentation
- One similar to buffer overflow: the offset may be too large. Every accessed address needs to be checked during execution.
- Looking up segment names is slow, so names are translated to numbers. The numbers might be different for different processes: a problem.
- Inefficient use of memory, because memory is broken up into fragments. (This can be addressed using fixed-size segments, or pages of contiguous bytes; however, this does not allow choosing various access rights for various bytes.)
Hence paged segmentation:
- The program is divided into logical units (segments).
- Each segment is divided into fixed-size pages.
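Added example (not from the slides) of the two checks the OS performs on every <name, offset> reference, first for plain segmentation and then for paged segmentation; the segment table, process names, rights and page size are constructed for illustration.

```python
from dataclasses import dataclass, field

PAGE_SIZE = 4  # constructed, deliberately tiny so the page arithmetic is easy to follow

class SegmentFault(Exception):
    """Raised when the OS rejects a <name, offset> reference."""

@dataclass
class Segment:
    base: int                     # beginning address of the segment in memory
    length: int                   # size of the segment in bytes
    rights: dict = field(default_factory=dict)       # process -> set of allowed access types
    page_frames: list = field(default_factory=list)  # paged segmentation: frame of each page

# Constructed segment table: what the OS keeps for one program's segments.
SEGMENT_TABLE = {
    "code_main":  Segment(1000, 8, {"alice": {"r", "x"}, "bob": {"r", "x"}}, [7, 3]),
    "array_data": Segment(2000, 6, {"alice": {"r", "w"}}, [9, 12]),
}

def check_reference(process, name, offset, access):
    """The checks the OS must make on every reference; returns the segment on success."""
    seg = SEGMENT_TABLE.get(name)
    if seg is None:
        raise SegmentFault(f"unknown segment {name!r}")
    # Bounds check: an offset >= length would run into whatever follows the segment,
    # the overflow-like problem the slide describes.
    if not 0 <= offset < seg.length:
        raise SegmentFault(f"offset {offset} outside {name!r} (length {seg.length})")
    # Access-rights check: this process must hold this right on this segment.
    if access not in seg.rights.get(process, set()):
        raise SegmentFault(f"{process} lacks {access!r} on {name!r}")
    return seg

def translate(process, name, offset, access):
    """Pure segmentation: physical address = segment base + offset."""
    seg = check_reference(process, name, offset, access)
    return seg.base + offset

def translate_paged(process, name, offset, access):
    """Paged segmentation: the offset is split into a page number and an offset
    within the page, and each page may live in any frame, so the segment need
    not be contiguous in memory."""
    seg = check_reference(process, name, offset, access)
    page, page_offset = divmod(offset, PAGE_SIZE)
    return seg.page_frames[page] * PAGE_SIZE + page_offset
```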

Covert Channels
- A covert channel is a path of communication that was not designed to be used for communication.
- Say p is a Trojan horse watching Poorvi write the T/F answers in the test. q is the student who wrote the Trojan horse and has an account on seas. To send a message, p creates a file named outputs in q's directory on seas. In this file, the number of spaces between two words reveals a bit of information: two spaces is True, one space is False. q can deny everything if accused.
- Different from traditional crypto in the sense that not only is the message encrypted, but an opponent cannot even determine if it is present.

Storage channel
- A covert storage channel uses an attribute of the shared resource, like whether a file is locked or not. This attribute can be checked at pre-determined time intervals.
- The Trojan horse p can create and erase a directory in q's account, with a pre-determined name, at pre-determined intervals.
- If p does not have such access to the same account as q, p can signal 1's by creating a large file, so that q cannot if he tries to as well.
- Observe that p and q need to share a resource and a time cycle.

Timing channel
- A covert timing channel uses a temporal or ordering relationship among accesses to a shared resource. It can also be thought of as a shared-resource channel where the shared resource is time.
- Examples:
  - Timing attack on RSA (the time of decryption helps factor n). Works on all modular exponentiation; used to break smartcard security. Not strictly covert, in the sense that the leaked information is really unintentional.
  - Leak information by using or not using an allotted time slice.

Other covert channels
- Electromagnetic field attack on smartcards (the surrounding EMF tells you something about the key used).
- Watermarking can be another covert channel.
- Covert channels are difficult to detect.

Detection of Covert Channels
To detect covert channels one can examine what resources are being shared: Kemmerer's Shared Resource Matrix Methodology.

Shared Resource Matrix (R means the attribute is read, M means the attribute is modified):

Attribute         P      Q
File existence    R,M    R
File lock
File label
File size

Checking for Covert Channels
The following properties must hold for a storage channel to exist:
1. Both the sending and the receiving process must have access to the same attribute of a shared object.
2. The sending process must be able to modify the attribute of the shared object.
3. The receiving process must be able to reference that attribute of the shared object.
4. A mechanism for initiating both processes and properly sequencing their respective accesses to the shared resource must exist.
Similar properties for a timing channel can be listed.
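Added example (not from the slides) that applies the four storage-channel properties mechanically to a Shared Resource Matrix in the form of the Detection slide; the File existence row is the one the slide fills in, the other rows and the can_sequence hook standing in for property 4 are constructed assumptions.

```python
from itertools import permutations

# Constructed Shared Resource Matrix: attribute -> process -> operations,
# where "R" means the process reads the attribute and "M" means it modifies it.
MATRIX = {
    "File existence": {"P": {"R", "M"}, "Q": {"R"}},        # row as on the slide
    "File lock":      {"P": {"R"},      "Q": {"R"}},        # constructed: both only read
    "File label":     {"P": {"M"},      "Q": set()},        # constructed: Q never references it
    "File size":      {"P": {"M"},      "Q": {"R", "M"}},   # constructed: P can signal, Q cannot
}

def storage_channels(matrix, can_sequence=lambda sender, receiver: True):
    """Return (attribute, sender, receiver) triples for which the four properties hold.
    can_sequence models property 4 (a way to start both processes and order their
    accesses); it is an assumed hook, since the matrix alone says nothing about timing."""
    found = []
    for attr, access in matrix.items():
        for sender, receiver in permutations(access, 2):
            both_touch = bool(access[sender]) and bool(access[receiver])   # property 1
            sender_modifies = "M" in access[sender]                         # property 2
            receiver_reads = "R" in access[receiver]                        # property 3
            if both_touch and sender_modifies and receiver_reads and can_sequence(sender, receiver):
                found.append((attr, sender, receiver))
    return found

def report(matrix):
    """Human-readable summary of each potential channel, one line per finding."""
    return [f"{attr}: {s} can signal {r} by modifying it" for attr, s, r in storage_channels(matrix)]
```

Each reported triple is a candidate only: the analyst still has to confirm that the attribute is really observable to the receiver at a useful rate and decide whether to close it or accept it.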

Mitigating Covert Channels
- Total isolation: declare all resources prior to execution; these are then solely allocated to the process and released when the process terminates. Difficult to achieve in practice.
- Obscure the amount of resources a process uses:
  - by making usage uniform, for example a fixed time slice allotted whether the process uses it or not;
  - by injecting randomness.
  Both affect efficiency.

Information Flow Policies
- Information flow policies define the way information moves through the system. They are designed to preserve confidentiality and/or integrity. For example: privacy contracts expressed online in P3P.
- Access controls constrain the rights of users but do not fully constrain information flow in a system.
- Compile-time and run-time mechanisms are needed for checking information flow.

Information Flow: Informal Definition
- What do we mean by information flow? Example: y := x; What is the information flow here? What does knowledge about y tell about x before and after the statement?
- y := x / z; What about here?
- A command sequence c causes a flow of information from x to y if knowledge about x given y before the sequence c is executed decreases after the command sequence is executed.
- Note: { tmp := x; y := tmp; } has information flowing from x to y, but no information is flowing from tmp!
- Can be formalized with the notion of entropy and conditional entropy.
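Added example (not from the slides) of the entropy formalization mentioned above: for the two statements on the slide it computes the conditional entropy H(x | y) before and after the command over all equally likely initial states, and a flow from x to y shows up as a drop in H(x | y). The value ranges for x, z and y are constructed, and "/" is taken as integer division.

```python
from collections import Counter
from itertools import product
from math import log2

def conditional_entropy(pairs):
    """H(X | Y) in bits for a list of equally likely (x, y) outcomes:
    -sum over (x, y) of p(x, y) * log2 p(x | y)."""
    joint = Counter(pairs)
    marginal_y = Counter(y for _, y in pairs)
    n = len(pairs)
    return -sum(c / n * log2(c / marginal_y[y]) for (x, y), c in joint.items())

def flow_x_to_y(command, x_values, z_values, y_values):
    """Return (H(x|y) before, H(x|y) after) running `command(x, z, y) -> new y`
    over every initial state, each state equally likely. Information flows from
    x to y when the second number is smaller than the first."""
    states = list(product(x_values, z_values, y_values))
    before = conditional_entropy([(x, y) for x, z, y in states])
    after = conditional_entropy([(x, command(x, z, y)) for x, z, y in states])
    return before, after

def assign(x, z, y):
    return x          # y := x

def divide(x, z, y):
    return x // z     # y := x / z, integer division

# Constructed state space: x uniform on 0..3, z uniform on {1, 2}, y initially
# uniform on 0..3 and independent of x, so H(x|y) before either command is 2 bits.
X_VALUES, Z_VALUES, Y_VALUES = range(4), (1, 2), range(4)

if __name__ == "__main__":
    for name, cmd in (("y := x", assign), ("y := x / z", divide)):
        before, after = flow_x_to_y(cmd, X_VALUES, Z_VALUES, Y_VALUES)
        print(f"{name:12} H(x|y) before = {before:.3f}  after = {after:.3f}")
```

For y := x the conditional entropy falls from 2 bits to 0 (y now determines x); for y := x / z it falls to about 0.94 bits, a partial flow, since z blurs which x produced a given y.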

Information Flow Examples
- x := y + z;
- if x + y < z then a := b else d := b * c – x;
- x = f(y1, y2)
- Write(y, F)
- Read(y, F)

Execution-Based Mechanisms
- Consider: if x == 1 then y := a else y := b;
- Information flows from x and a, or from x and b, to y.
- But if a <= y holds only if some other variable z is 1, then the compiler has no way of checking this. Need run-time mechanisms.

Total Isolation
- A process can be observed, and this may leak information.
- Total isolation: a process that cannot be observed and cannot communicate with other processes cannot leak information.
- Total isolation is hard to achieve with shared computer systems.

Isolation
One can isolate a process by:
- presenting it with an environment that appears to be a computer running only that process, or only the processes to be isolated (a virtual machine);
- providing an environment in which the process's actions are analyzed to determine if they leak information (a sandbox).

Virtual Machines
- A virtual machine is a program that simulates the hardware of a (possibly abstract) computer system.
- It runs on a virtual machine monitor that virtualizes the resources of the underlying system and presents to each virtual machine the illusion that it alone is using the hardware.
- One advantage of virtual machines is that existing operating systems need not be modified.

Sandboxes
- A sandbox is an environment in which the actions of a process are restricted according to a security policy.
- Enforcement can be done in two ways:
  - Limit the execution environment by, for example, adding extra security-checking mechanisms to the libraries or the kernel. Programs themselves do not need to be modified. Example: the Java sandbox for downloaded applets.
  - Modify the programs to be executed. For example, add instructions to perform memory access checks.