Security Hacks
This is a list of several strange hacks that might supplement the security of a system.
They each apply to capability kernel systems but are probably useful beyond that.
They are not capability patterns.
Whereas capability patterns have a mathematical style, these hacks have an engineering style which involve tradeoffs.
Row Hammer
When the target is a row of DRAM we must ask “How does the attacker target his attack?”.
Considering multiple chips per DIMM the content of adjacent rows are typically (always?) from different pages.
Randomly allocating pages to DRAM thwarts targeting such attacks, but not random damage.
First I would delete the x86 user mode command ‘cflush’.
Most ISA’s lack such commands.
A user mode program could call the kernel when it needed such a function.
If this is too much overhead then you could add a privileged control bit controlling whether cflush was privileged.
If there is a legitimate need for this then evacuate the DRAM page frames that neighbor the target page.
There are other hardware hacks which are more complex and keep a crude conservatice measure of the mal-effects.
Other hardware means cover innocent but damaging crosstalk as well.
This page increases my scepticism of the utility of cflush.
Tartan Confinement
Short answer: turn off camera while tartan is on screen.
Timing crypto code
Crypto code gets caps that arrange:
- Don’t schedule other processors on code processor while running crypto.
- Don’t allow sharing segments between code and other processors.
This needs much elaboration.