[Cryptography] Swift and cryptography
Bill Frantz
frantz at pwpconsult.com
Thu Jun 12 20:56:45 EDT 2014
On 6/12/14 at 10:37 AM, petertrei at gmail.com (Peter Trei) wrote:
>1. OSs supply memory management services. For efficiency, they generally
>don't clear
>memory when it's returned to the pool, or when reallocated.
>2. OSs swap program space to disk and back. Same problem as above.
>3. Machine level stack operations move the SP up and down, without clearing
>memory
>that's been popped off.
OSs protect processes from each other. If you have data from
more than one security context in a single process, you can't
depend on the OS for protection. Use multiple processes and IPC.
PostFix is a working example of this kind of architecture.
Consider Heartbleed for example. If OpenSSL is used to set up
TLS sessions for a server which creates a separate process for
each connection, at least the OpenSSL private key signing
operations need to be performed in a separate process because
otherwise the connection's security context is being mixed with
the server's security context (the server's private key).
I wrote such a server for CapROS which had this bug. (CapROS
makes interprocess communication easy and fast.) The only saving
grace is the version of OpenSSL I used was from before
Heartbleed was introduced into the code base.
Cheers - Bill
--------------------------------------------------------------
Bill Frantz | There are now so many exceptions to the
408-356-8506 | Fourth Amendment that it operates only by
www.pwpconsult.com | accident. - William Hugh Murray
More information about the cryptography
mailing list