[Cryptography] RISC-V branch predicting
Bill Frantz
frantz at pwpconsult.com
Tue Feb 13 00:10:08 EST 2018
On 2/10/18 at 12:32 PM, leichter at lrw.com (Jerry Leichter) wrote:
>It turns out that the Unix approach - in which process creation
>is assumed to be very inexpensive - is probably better than the
>approach of other OS's, where processes are more expensive to
>create, thus longer-lived and more likely to be subdivided into
>software-enforced security domains. If even Unix processes are
>too expensive - which will likely be the response of browser
>makers to the notion that each individual piece of Javascript
>should be segmented off into its own process - then perhaps we
>should look at hardware and software models of very cheap
>hardware isolation.
There are two worked examples of using Unix processes for
isolation, Postfix and Qmail. In both cases, the solution to
mail server vulnerability has been addressed by isolating the
parts of the server which parse user input.
One security rule I was able to articulate after reading
Bernstein's Qmail paper
<http://cr.yp.to/qmail/qmailsec-20071101.pdf> is: Give the parts
of the program most likely to have bugs the fewest possible
privileges. Bernstein reduces the privileges of some code to
reading its input stream and writing its output stream. I say,
any part of the program which parses arbitrary strings is a good candidate.
This kind of isolation is a bit clunky in Unix. It is a lot
easier in some object oriented languages, but using languages to
implement isolation requires including the language runtime in
the security kernel which, in practice, defeats most of the
benefit. Capability operating systems give OS levels of
assurance with the ease of use of object languages.
Unfortunately, these OSes have been experimental for the last 35
or so years.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.pwpconsult.com | wouldn't it?" -- Marcus Ranum
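The rule Bill states above (give the code most likely to have bugs, the parser, nothing but an input stream and an output stream) is shown below in POSIX C as an added example; it is not code from the post, from Postfix, or from qmail. The parent forks a child, the child parses untrusted "Name: value" lines, and before parsing it throws away every file descriptor except stdin and stdout and clamps its resource limits so it cannot open new files or sockets, write file contents, or run forever. The header format, the rlimit values, the 2-second CPU cap and the function names are this example's own choices.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* The code most likely to have bugs: it parses arbitrary "Name: value" lines from
 * untrusted input and emits one canonical "name=value" line per header. */
static int parse_headers(FILE *in, FILE *out)
{
    char line[1024];
    int n = 0;
    while (fgets(line, sizeof line, in)) {
        char *colon = strchr(line, ':');
        if (!colon)
            continue;                         /* not a header line: skip it */
        *colon = '\0';
        char *val = colon + 1;
        while (*val == ' ' || *val == '\t')
            val++;
        val[strcspn(val, "\r\n")] = '\0';
        for (char *p = line; *p; p++)
            *p = (char)tolower((unsigned char)*p);
        if (fprintf(out, "%s=%s\n", line, val) < 0)
            return -1;
        n++;
    }
    return n;
}

/* Reduce the child to the minimum Bernstein describes: it may read fd 0 and write
 * fd 1, nothing else.  The concrete limits are this example's own assumptions. */
static void confine_child(int in_fd, int out_fd)
{
    if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0)
        _exit(126);
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0 || maxfd > 65536)
        maxfd = 65536;
    for (int fd = 2; fd < maxfd; fd++)        /* drop stderr and every inherited fd */
        close(fd);
    struct rlimit two = { 2, 2 }, zero = { 0, 0 }, cpu = { 2, 2 };
    setrlimit(RLIMIT_NOFILE, &two);           /* cannot open files, sockets or pipes */
    setrlimit(RLIMIT_FSIZE, &zero);           /* cannot write file content at all */
    setrlimit(RLIMIT_CPU, &cpu);              /* a runaway parser is killed after 2s */
    if (chdir("/") < 0)
        _exit(126);
}

/* Parse `input` in a confined child.  Returns the number of headers found, or -1 if
 * the child failed, including when it crashed; the parent survives either way. */
int parse_headers_isolated(const char *input, char *out, size_t outlen)
{
    int to_child[2], from_child[2];
    if (outlen == 0 || pipe(to_child) < 0 || pipe(from_child) < 0)
        return -1;
    signal(SIGPIPE, SIG_IGN);                 /* a dead child must not kill the parent */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(to_child[1]);
        close(from_child[0]);
        confine_child(to_child[0], from_child[1]);
        int n = parse_headers(stdin, stdout);
        _exit((n < 0 || fflush(stdout) != 0) ? 1 : 0);
    }
    close(to_child[0]);
    close(from_child[1]);
    /* Small inputs only: feeding a large one needs poll() to avoid a pipe deadlock. */
    size_t len = strlen(input), off = 0;
    while (off < len) {
        ssize_t w = write(to_child[1], input + off, len - off);
        if (w < 0) { if (errno == EINTR) continue; break; }
        off += (size_t)w;
    }
    close(to_child[1]);
    size_t used = 0;
    int truncated = 0;
    for (;;) {
        char tmp[256];
        ssize_t r = read(from_child[0], tmp, sizeof tmp);
        if (r < 0) { if (errno == EINTR) continue; break; }
        if (r == 0) break;
        if (used + (size_t)r < outlen) { memcpy(out + used, tmp, (size_t)r); used += (size_t)r; }
        else truncated = 1;
    }
    close(from_child[0]);
    out[used] = '\0';
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0 || truncated)
        return -1;                            /* crashed, killed by a limit, or misbehaved */
    int n = 0;
    for (const char *p = out; *p; p++)
        if (*p == '\n') n++;
    return n;
}

int main(void)
{
    /* Constructed sample input, including a malformed line the parser skips. */
    const char *msg = "From: alice@example.com\r\nSubject: hi\r\nnot a header\nX-Test:   v\n";
    char out[512];
    int n = parse_headers_isolated(msg, out, sizeof out);
    printf("headers=%d\n%s", n, out);
    return n < 0;
}
```

The parent never trusts the child's exit code for the result; it counts the lines it actually received and treats any abnormal exit as a parse failure, so a memory-corruption bug in `parse_headers` costs at most the one message being parsed. Postfix and qmail go further than this example and also run such stages under dedicated unprivileged user IDs, which is omitted here because switching uid requires the program to start as root.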