[Cryptography] Can crypto implement OS/FS protections ?

Tom Mitchell mitch at niftyegg.com
Fri Nov 25 19:56:20 EST 2022


On Sat, Nov 19, 2022 at 6:02 PM Henry Baker <hbaker1 at pipeline.com> wrote:
>
> I've been wondering how many of the current OS/page table and file
> system protections can be theoretically implemented via cryptography.
>
> I'm ignoring O(1) -- constant -- factors, so the CPU could conceivably be
> executing public key operations for every instruction cache fill operation.
>
> For example, any *return addresses* could conceivably be stored on the
> stack and cryptographically signed in such a manner that they couldn't be
> spoofed by an attacker.

Explore it in the context of an ABI and link editor.
One challenge is linked lists, single and doubly linked.
Dig into the VM under all the almost universal interpreted languages.
Exceptional attention given to garbage collection will be needed.
Page tables will have to be reconsidered. Variable size page tables and fixed size.
Then parent child interactions including return codes, shared data and code multi threading (pfork).
A single process could emulate a minix/unix OS port without hardware support for demand page fault handling with a full user space exception handler (see Idris).

SGI's Irix built some robustness into their system with expanded per block vertical block parity because DRAM was throwing too many errors in Denver (cosmic ray interaction). The parity exception handler could then repair most errors and restart. Subsequent machines had more robust ECC (DRAM and new x86_64 hardware may have improved on this).
Look at encrypted file system code and push to swap space.
ECC with swizzled bit patterns could be interesting.
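
Added example (not part of the original message or of anything posted in the thread): a toy model of the signed return addresses raised in the quoted question. It assumes a keyed MAC (HMAC-SHA-256, truncated) in place of a public-key signature, since the same CPU both signs and verifies, and it binds each tag to the stack slot; `SignedStack`, `attempt`, `demo` and all addresses are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated tag length in bytes (assumption of this sketch)


class SignedStack:
    """Toy call stack: each return address carries a MAC bound to its slot."""
    def __init__(self, key):
        self._key = key  # assumption: stored where the attacker cannot read it
        self.slots = []  # models attacker-writable stack memory

    def _tag(self, slot, addr):
        msg = struct.pack("<QQ", slot, addr)  # bind tag to slot and address
        return hmac.new(self._key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def call(self, return_addr):
        slot = len(self.slots)
        self.slots.append((return_addr, self._tag(slot, return_addr)))

    def ret(self):
        slot = len(self.slots) - 1
        addr, tag = self.slots.pop()
        if not hmac.compare_digest(tag, self._tag(slot, addr)):
            raise RuntimeError(f"slot {slot}: return address failed verification")
        return addr


def attempt(stack):
    try:
        return hex(stack.ret())
    except RuntimeError:
        return "rejected"


def demo():
    key = b"\x01" * 32  # constructed key, for a repeatable run
    clean, overwritten, moved = (SignedStack(key) for _ in range(3))
    for s in (clean, overwritten, moved):
        s.call(0x401000)
        s.call(0x402000)
    # Constructed tampering: new address with the old tag left in place.
    overwritten.slots[1] = (0x41414141, overwritten.slots[1][1])
    # Constructed tampering: genuine (address, tag) pair copied from slot 0.
    moved.slots[1] = moved.slots[0]
    return {"clean": attempt(clean), "overwritten": attempt(overwritten),
            "moved": attempt(moved)}
```

A pair recorded earlier for the same slot and address would still verify in this sketch; binding to the slot only stops a valid pair from being reused at a different position.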

