Sunday, September 3, 2017

[security-0] Stealing and passing information out of a secured system using a covert channel

Imagine a system that holds sensitive data. The operating system (OS) enforces security by making sure that only processes with a higher privilege level can read that data. To prevent a higher-privileged process from passing the data to the outside world, the OS also makes sure that such a process can neither access the internet nor write data that a lower-privileged process can read. A lower-privileged process cannot read the sensitive data, but it may access the internet when it needs to. Authorized employees use a higher-privileged process when they do something critical, such as a money transaction; everybody uses lower-privileged processes to check Gmail, Instagram, Facebook, YouTube and similar websites.

To strengthen security further, all of the data is encrypted with a private key held by the system.

Multilevel-secure operating systems (the Bell-LaPadula model) prohibit read-up and write-down: a process with a higher privilege level cannot write information for a process with a lower privilege level, and a process with a lower privilege level cannot read data that is meant for a higher-privileged process. If a malicious process, by some means, gains the ability to run as a higher-privileged process, it will try to pass sensitive information to a lower-privileged process, which can in turn pass it to the outside world. Because write-down is prohibited, the higher-privileged process cannot simply hand the information to the lower-privileged process. However, the host OS has one revealing behaviour: if a file exists but belongs to a higher privilege level, a lower-privileged program that tries to read it is told that it does not have enough privilege to do so (permission denied, EACCES on Unix), whereas if the file does not exist, the OS reports that the file does not exist (ENOENT). The two answers are different, so a lower-privileged process can learn one bit from the mere existence of a file it is not allowed to read. This is a storage covert channel, and it can be used to pass sensitive information one bit at a time. The defence is to make the two cases indistinguishable, for example by denying the lower-privileged process search permission on the directory so that it gets "permission denied" whether or not the file exists.

We will call the higher-privileged malicious program high_process and the lower-privileged malicious program low_process. Imagine that high_process gets access to the private key of the system. Assume the system uses 4-bit keys and that this system's key is "1001". Here is how the 4 bits can be passed.

0. high_process creates a file demon.txt in the root directory.
1. At some agreed time, low_process checks for the existence of demon.txt; finding it, low_process now knows that high_process has access to the secret key.
2. At an agreed time, let us say 10:00:00 pm, high_process creates a file evil.txt in the root directory.
3. At 10:00:01 pm, low_process tries to read evil.txt, and the OS says that the file exists but cannot be read because of a privilege issue. low_process knows that the first bit is 1.
4. The second key bit is 0, so 30 seconds after creating it (at 10:00:30 pm), high_process deletes evil.txt.
5. At 10:00:31 pm, low_process tries to read evil.txt and finds the OS saying that the file does not exist. low_process knows that the second bit of the key is 0.
This continues, one bit every 30 seconds, and soon enough low_process holds the private key and can pass it to the outside world over its internet connection.
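The procedure above, as an added example that is not part of the original post: a sender that encodes bits as the presence or absence of evil.txt, and a receiver that decodes them purely from the OS's "no such file" versus "permission denied" answers. It generalizes the 4-bit key to an arbitrary bit string and, beyond the post's scenario, to ASCII secrets. A temporary directory stands in for the root directory, two threads stand in for the two processes, and the agreed schedule (10 pm, then every 30 seconds) is a shared start time plus a slot length; all three are assumptions of the demo, as are the function names.

```python
import os
import tempfile
import threading
import time

# Constructed demonstration, not code from the post. A temporary directory stands
# in for the root directory, threads stand in for the two processes, and the agreed
# schedule ("10 pm, then every 30 seconds") is a shared start time plus a slot length.
# The high side never writes data the low side can read: it only makes evil.txt
# exist or not exist.
MARKER = "demon.txt"   # step 0 in the text: "I have the key"
CARRIER = "evil.txt"   # its presence (1) or absence (0) carries one bit per slot


def bits_of(secret):
    """Bits of an ASCII string, MSB first, so a key of any length fits the channel."""
    return [(byte >> i) & 1 for byte in secret.encode() for i in range(7, -1, -1)]


def bits_to_str(bits):
    """Inverse of bits_of (a trailing partial byte, if any, is dropped)."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return out.decode(errors="replace")


def sleep_until(t):
    delay = t - time.monotonic()
    if delay > 0:
        time.sleep(delay)


def high_process(directory, bits, t0, slot):
    """Sender. Has the privilege to create files the receiver may not read: evil.txt
    is created with mode 000 for a 1 bit and removed for a 0 bit, one bit per slot."""
    carrier = os.path.join(directory, CARRIER)
    open(os.path.join(directory, MARKER), "w").close()
    for i, bit in enumerate(bits):
        sleep_until(t0 + i * slot)            # switch state at the start of slot i
        if bit:
            try:
                os.close(os.open(carrier, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o000))
            except FileExistsError:
                pass                          # previous bit was also 1: nothing to do
        else:
            try:
                os.remove(carrier)
            except FileNotFoundError:
                pass                          # previous bit was also 0
    sleep_until(t0 + len(bits) * slot)        # let the receiver sample the last slot
    for name in (CARRIER, MARKER):
        try:
            os.remove(os.path.join(directory, name))
        except FileNotFoundError:
            pass


def probe(path):
    """The receiver's only primitive: attempt to open the file and turn the OS's
    answer into a bit. 'No such file' -> 0; 'permission denied' -> 1. A successful
    open (e.g. when the demo itself runs as root) also proves existence -> 1."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except FileNotFoundError:
        return 0
    except PermissionError:
        return 1
    os.close(fd)
    return 1


def low_process(directory, nbits, t0, slot):
    """Receiver. Waits for demon.txt, then probes evil.txt once per slot, half a slot
    after the sender switches (the 10:00:01 / 10:00:31 offsets in the text)."""
    marker = os.path.join(directory, MARKER)
    carrier = os.path.join(directory, CARRIER)
    while not os.path.exists(marker):
        time.sleep(slot / 10)
    bits = []
    for i in range(nbits):
        sleep_until(t0 + i * slot + slot / 2)
        bits.append(probe(carrier))
    return bits


def run_channel(bits, slot=0.2):
    """Run sender and receiver against one temporary directory and return what the
    low side recovered. Four bits take about a second with the default slot."""
    with tempfile.TemporaryDirectory() as directory:
        t0 = time.monotonic() + slot              # the agreed start time ("10 pm")
        received = []
        receiver = threading.Thread(
            target=lambda: received.extend(low_process(directory, len(bits), t0, slot)))
        receiver.start()
        high_process(directory, bits, t0, slot)
        receiver.join()
    return received


if __name__ == "__main__":
    key = [1, 0, 0, 1]                            # the 4-bit key from the text
    print("leaked key bits:", run_channel(key))
    print("leaked string  :", bits_to_str(run_channel(bits_of("pw"))))
```

Two things worth checking with this demo. First, the channel lives entirely in the difference between FileNotFoundError and PermissionError inside probe(); if you remove search permission (the x bit) on the carrier's directory for the receiver's user, both states raise PermissionError, probe() answers 1 for every slot, and the channel is closed. Second, the schedule is the weak point for the attacker and the opportunity for the defender: the sender and receiver must agree on slot boundaries and the receiver must sample inside each slot, so the bandwidth is one bit per slot, and a monitor that sees an unprivileged process repeatedly probing a root-level file on a fixed period has a detectable signature.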

Reference:
0. C. Kaufman, R. Perlman, M. Speciner, Network Security: Private Communication in a Public World, 2nd ed., Prentice Hall. https://www.amazon.com/Network-Security-Private-Communication-Public/dp/0130460192
