Comments (3)
ndauten
commented on August 12, 2024
Hi @gezedo:
Thanks for the complements!
As per the security issue of WP bit being set: great observation! In our design we take this into account, but our implementation does not.
The solution is expressed as Invariant I9 and described in Section 3.7 of the Nested Kernel APSLOS paper.
The quick answer for how we address the problem is to ensure that all instances of instructions that modify cr0 have an identity mapping to nested kernel code. So effectively there may be a move to cr0 at some virtual address Vc. We ensure that the physical address Vc is a nested kernel controlled function that will check for such situations.
But I do want to make it clear that our current implementation does not do this and is thus insecure to this attack.
Please let me know if you have any other questions.
from perspicuos.
gezedo
commented on August 12, 2024
Thanks for clarification.
While I am not very familiar with neither x86 nor FreeBSD arch (I am more focused on ARM/Linux), I have a few other questions:
- Can interrupts happens when the outer kernel runs (I assume yes) ?
- Might interrupt processing path execute outer kernel code (with WP bit enabled, of course) ?
- Is the interrupted context saved in a secure location (protected from outer kernel writes) ?
from perspicuos.
ndauten
commented on August 12, 2024
Hi @gezedo
Sorry for my delay in responding: I'm completing my dissertation right now so future responses may be a bit delayed.
re: interrupts> Interrupts can occur while the outer kernel is in execution
re: wp-disabled on interrupts> Interrupts go through a nested kernel handler before any control is passed to the outer kernel. On each path the outer kernel the nested kernel enables the WP-bit.
re: interrupt context> The nested kernel operates atomically: interrupts are disabled and complete all required tasks: it never goes to the outer kernel and back to finish. Therefore, there is never any context that must be kept between invocations to the nested kernel. There is of course state in the nested kernel that persists, but this is all protected by readonly MMU policies.
Best,
::nathan::
from perspicuos.
Related Issues (6)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from perspicuos.