From: Mark W. <mar...@cl...> - 2005-04-29 16:18:02
> would require ring 0. OTOH, it's quite possible that rings 1 and 2 are
> essentially useless unless you are writing some old-style segmented
> memory or 16/32-bit OS.

I think the usual way to do this is to overlay multiple segments (with the same base) with different privilege levels. I think it can be worked as a straightforward extension of the usual x86 tricks: map ring0-only memory at the top of memory, then ring 1's private space, then ring 2's private space. Then have a set of segments with different privilege levels that permit access to the relevant range of linear memory.

Sound sane?

> Perhaps that explains why the only OS I could
> find which uses more than 2 rings was OS/2, which uses ring 2 for user
> code segments with privileges to access I/O ports directly.

Interesting, I never knew what OS/2 did with those rings :-) You don't need this for user IO privileges, though - can still restrict IO port access on a per-process basis (even with IOPL = 3) by setting bits in the TSS IO bitmap. With Syllable using hardware task-switching, this should Just Work; rewriting the TSS IO bitmap on context switches would be necessary for s/w switching (with suitable tracking in place, this needn't have high overhead).

Cheers,
Mark

>
> FWIW, here are the names of the four different privilege modes used by
> VMS. I still need to learn what the two inner levels are used for, but
> at least the names give a hint as to the level of "need to know"
> privileges that each layer of a more-secure OS might have:
>
> 0 - kernel
> 1 - executive
> 2 - supervisor
> 3 - user
>
> I have a couple of notes here on the requirements needed for a Syllable
> user to be able to "fully control any storage or disclosure" of whatever
> personal info they want to protect:
>
> - user data in the pagefile would be encrypted (using a randomly
>   generated key stored in RAM only)
>
> - secure browsing mode:
>   - no caching of pages/images to disk
>   - URL history tracking in memory only
>   - no cookies saved, or optional encrypted cookie file
>
> - support for encrypting any file saved to disk, configured at the file
>   or folder level (see NTFS).
>
> - no unauthorized screen grabs or keystroke/mouse loggers.
> - built-in secure delete (see GNU shred).
>
> - "magic key sequence" always pops up the OS-provided task manager or
>   login screen (e.g. Windows CTRL-ALT-DEL) and can't be trapped by
>   malicious programs to create a fake login screen.
>
> Jake
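
The overlaid-segment layout described in the reply above, sketched as an added example that is not part of the original message or Syllable's code: four base-0 data descriptors whose limits and DPLs give each ring its own reach into linear memory. The boundary addresses and all function names are assumptions made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (assumption): highest address each ring may touch. */
static const uint32_t ring_top[4] = {
    0xFFFFFFFFu,  /* ring 0: all memory, kernel-only region at the top */
    0xDFFFFFFFu,  /* ring 1: up to the end of ring 1's private space   */
    0xCFFFFFFFu,  /* ring 2: up to the end of ring 2's private space   */
    0xBFFFFFFFu   /* ring 3: ordinary user memory only                 */
};

/* Encode a base-0, 4 KiB-granular, 32-bit read/write data descriptor. */
uint64_t make_data_desc(uint32_t top, unsigned dpl) {
    uint32_t limit = top >> 12;                    /* 20-bit limit in pages */
    uint64_t access = 0x92u | ((dpl & 3u) << 5);   /* P=1, S=1, data, R/W   */
    return (uint64_t)(limit & 0xFFFFu) | (access << 40)
         | ((uint64_t)((limit >> 16) & 0xFu) << 48)
         | ((uint64_t)0xCu << 52);                 /* G=1, D/B=1            */
}

unsigned desc_dpl(uint64_t d) { return (unsigned)(d >> 45) & 3u; }
/* Highest valid offset, expanding the limit when G=1. */
uint32_t desc_top(uint64_t d) {
    uint32_t limit = (uint32_t)(d & 0xFFFFu) | ((uint32_t)((d >> 48) & 0xFu) << 16);
    return ((d >> 55) & 1u) ? ((limit << 12) | 0xFFFu) : limit;
}

/* Data-segment rule with RPL == CPL: load needs DPL >= CPL, offset <= limit. */
int access_ok(uint64_t d, unsigned cpl, uint32_t addr) {
    return desc_dpl(d) >= cpl && addr <= desc_top(d);
}

void build_gdt(uint64_t gdt[4]) {
    for (unsigned r = 0; r < 4; r++) gdt[r] = make_data_desc(ring_top[r], r);
}
/* Can code running at cpl reach addr through any of the four segments? */
int reachable(const uint64_t gdt[4], unsigned cpl, uint32_t addr) {
    for (int i = 0; i < 4; i++)
        if (access_ok(gdt[i], cpl, addr)) return 1;
    return 0;
}

int main(void) {
    uint64_t gdt[4]; build_gdt(gdt);
    for (unsigned cpl = 0; cpl < 4; cpl++)
        printf("CPL %u: ring-1 space %d, ring-2 space %d\n", cpl,
               reachable(gdt, cpl, 0xD0000000u), reachable(gdt, cpl, 0xC0000000u));
    return 0;
}
```

The isolation here comes entirely from segment limits and DPL checks, so it holds only while less-privileged code cannot load a descriptor with a higher limit.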