Re: Privilege Levels Below User

Liste des GroupesRevenir à c arch 
Sujet : Re: Privilege Levels Below User
De : mitchalsup (at) *nospam* aol.com (MitchAlsup1)
Groupes : comp.arch
Date : 07. Jun 2024, 21:40:34
Autres entêtes
Organisation : Rocksolid Light
Message-ID : <2ad84effd7f284445e0d8b90e0170f09@www.novabbs.org>
References : 1
User-Agent : Rocksolid Light
John Savard wrote:

This may be a silly idea... but it seems to be the sort of thing that
current concerns about computer security may be calling for.

It is typical for computers to have a privileged mode of operation,
wherein I/O operations and certain special changes to the state of the
computer are allowed that are barred to normal computational  tasks.

For various reasons, miscreants have not been completely foiled by the
existence of this feature.
Most of the miscreations have to do with allowing microarchitectural state to be come visible through a high precision timing mechanism,
not with the skirting of privilege.

Some types of instruction that are required for normal computation are
still, to a certain extent, potentially harmful.

So I am thinking it might be useful to have, for example, two states
less privileged than the user state, and some mechanism for user
programs to call subroutines which are in that state until they return
- the return instruction being limited, sort of like a supervisor
call, so it can only return in a proper manner.
In My 66000, the Monitor, Hypervisor, Supervisor, and guest can
share the dynamic libraries contining no privileged instructions.
And since there is only 1 such instruction it is easy to check.
However, a Pthread can transfer control to another Pthread without
privilege in a single instruction.

The first reduced-privilege state would not allow any branch
instructions, particularly conditional branches.
Are My 66000 predication shadows considered "branching" since they
do not alter where the Fetch end of the pipeline is working??
Are My 66000 Switch instructions considered branches ?? since the
transfer table is in .text and relative to the current switch
instruction?
Are Supervisor Calls "brnches" since they go to controlled entry points??
Are Supervisor Returns "branches" since they to to controlled return points ??

The second, in addition, would not allow any access to memory, only
allowing access to registers.

To use these states to aid in security, more is required.

For one thing, blocks of memory would need to be able to be marked as
not only containing code or data, but as containing code that runs at
one of these reduced privilege levels.
How are you going to perform elementary functions {SIN, COS, EXP, LOG}?

And then comes the payaoff: a block of memory could be marked as
writeable, but yet containing executable code, for things like
just-in-time compilation...
A C compiler is an application running in a different process. Why
is a JIT "not like that" ??
                              but as only containing code at one of
these reduced privilege levels. Thus preventing the generation of code
containing branches or memory accesses, as desired, while allowing the
generation of computational sequences.

John Savard

Date Sujet#  Auteur
7 Jun 24 * Privilege Levels Below User119John Savard
7 Jun 24 +- Re: Privilege Levels Below User1MitchAlsup1
7 Jun 24 +* Re: Privilege Levels Below User9MitchAlsup1
9 Jun 24 i`* Re: Privilege Levels Below User8John Savard
10 Jun 24 i `* Re: Privilege Levels Below User7Lawrence D'Oliveiro
10 Jun 24 i  `* Re: Privilege Levels Below User6John Savard
10 Jun 24 i   +* Re: Privilege Levels Below User4MitchAlsup1
11 Jun 24 i   i+* Re: Privilege Levels Below User2John Savard
11 Jun 24 i   ii`- Re: Privilege Levels Below User1Lawrence D'Oliveiro
11 Jun 24 i   i`- Re: Privilege Levels Below User1Lawrence D'Oliveiro
11 Jun 24 i   `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
8 Jun 24 +* Re: Privilege Levels Below User4Lawrence D'Oliveiro
8 Jun 24 i+- Re: Privilege Levels Below User1John Dallman
8 Jun 24 i`* Re: Not history, Privilege Levels Below User2John Levine
9 Jun 24 i `- Re: Not history, Privilege Levels Below User1Lawrence D'Oliveiro
8 Jun 24 +* Re: Privilege Levels Below User66MitchAlsup1
9 Jun 24 i+* Re: Privilege Levels Below User14Lawrence D'Oliveiro
9 Jun 24 ii+- Re: Privilege Levels Below User1David Schultz
10 Jun 24 ii+* Re: Privilege Levels Below User11Lawrence D'Oliveiro
11 Jun 24 iii+- Re: Privilege Levels Below User1Lawrence D'Oliveiro
11 Jun 24 iii`* Re: time-sharing history, Privilege Levels Below User9John Levine
12 Jun 24 iii `* Re: time-sharing history, Privilege Levels Below User8Lawrence D'Oliveiro
12 Jun 24 iii  `* Re: time-sharing history, Privilege Levels Below User7John Levine
12 Jun 24 iii   +- Re: time-sharing history, Privilege Levels Below User1Lawrence D'Oliveiro
12 Jun 24 iii   `* Re: time-sharing history, Privilege Levels Below User5Lynn Wheeler
13 Jun 24 iii    `* Re: time-sharing history, Privilege Levels Below User4Lawrence D'Oliveiro
13 Jun 24 iii     `* Re: time-sharing history, Privilege Levels Below User3Lynn Wheeler
13 Jun 24 iii      `* Re: time-sharing history, Privilege Levels Below User2Lawrence D'Oliveiro
13 Jun 24 iii       `- Re: time-sharing history, Privilege Levels Below User1Lynn Wheeler
24 Oct 24 ii`- Re: Privilege Levels Below User1MitchAlsup1
9 Jun 24 i+* Re: Privilege Levels Below User2Anton Ertl
10 Jun 24 ii`- Re: Privilege Levels Below User1Lawrence D'Oliveiro
10 Jun 24 i+* Re: Privilege Levels Below User8Anton Ertl
11 Jun 24 ii+* Re: Privilege Levels Below User4Lawrence D'Oliveiro
12 Jun 24 iii+- Re: Privilege Levels Below User1Lawrence D'Oliveiro
12 Jun 24 iii`* Re: Privilege Levels Below User2Thomas Koenig
12 Jun 24 iii `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
11 Jun 24 ii`* Re: Privilege Levels Below User3Lawrence D'Oliveiro
12 Jun 24 ii +- Re: Privilege Levels Below User1George Neuner
12 Jun 24 ii `- Re: Privilege Levels Below User1John Dallman
10 Jun 24 i+* Re: Privilege Levels Below User15Terje Mathisen
10 Jun 24 ii+* Re: Privilege Levels Below User4Michael S
11 Jun 24 iii`* Re: Privilege Levels Below User3Lawrence D'Oliveiro
11 Jun 24 iii `* Re: Privilege Levels Below User2MitchAlsup1
12 Jun 24 iii  `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
11 Jun 24 ii+* Re: Privilege Levels Below User5Lawrence D'Oliveiro
12 Jun 24 iii+- Re: Privilege Levels Below User1Lawrence D'Oliveiro
13 Jun 24 iii`* Re: Privilege Levels Below User3MitchAlsup1
13 Jun 24 iii `* Re: Privilege Levels Below User2Lawrence D'Oliveiro
13 Jun 24 iii  `- Re: Privilege Levels Below User1Michael S
11 Jun 24 ii`* Re: Privilege Levels Below User5Terje Mathisen
11 Jun 24 ii `* Re: Privilege Levels Below User4Michael S
12 Jun 24 ii  +- Re: Privilege Levels Below User1Stefan Monnier
13 Jun 24 ii  `* Re: Privilege Levels Below User2Lawrence D'Oliveiro
14 Jun 24 ii   `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
14 Jun 24 i`* Re: Privilege Levels Below User26Paul A. Clayton
14 Jun 24 i `* Re: Privilege Levels Below User25MitchAlsup1
14 Jun 24 i  +* Re: Privilege Levels Below User4Lawrence D'Oliveiro
14 Jun 24 i  i`* Re: Privilege Levels Below User3John Savard
14 Jun 24 i  i `* Re: Privilege Levels Below User2Lawrence D'Oliveiro
15 Jun 24 i  i  `- Re: Privilege Levels Below User1John Dallman
14 Jun 24 i  `* Re: Privilege Levels Below User20John Savard
15 Jun 24 i   `* Re: Privilege Levels Below User19Thomas Koenig
15 Jun 24 i    `* Re: Privilege Levels Below User18Lawrence D'Oliveiro
15 Jun 24 i     +* Re: Privilege Levels Below User3Anton Ertl
15 Jun 24 i     i+- Re: Privilege Levels Below User1Thomas Koenig
16 Jun 24 i     i`- Re: Privilege Levels Below User1Lawrence D'Oliveiro
15 Jun 24 i     `* Re: Privilege Levels Below User14John Dallman
16 Jun 24 i      +* Re: Privilege Levels Below User12Lawrence D'Oliveiro
16 Jun 24 i      i`* Re: Privilege Levels Below User11Michael S
16 Jun 24 i      i `* Re: Privilege Levels Below User10Lawrence D'Oliveiro
16 Jun 24 i      i  `* Re: Privilege Levels Below User9Michael S
16 Jun 24 i      i   +* Re: Privilege Levels Below User3Thomas Koenig
16 Jun 24 i      i   i`* Re: Privilege Levels Below User2Michael S
16 Jun 24 i      i   i `- Re: Privilege Levels Below User1Terje Mathisen
16 Jun 24 i      i   `* Re: Privilege Levels Below User5Lawrence D'Oliveiro
16 Jun 24 i      i    `* Re: Privilege Levels Below User4Michael S
16 Jun 24 i      i     +- Re: Privilege Levels Below User1Lawrence D'Oliveiro
16 Jun 24 i      i     `* Re: Privilege Levels Below User2Torbjorn Lindgren
17 Jun 24 i      i      `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
16 Jun 24 i      `- Re: Privilege Levels Below User1Robert Swindells
8 Jun 24 +* Re: Privilege Levels Below User7BGB
9 Jun 24 i+* Re: Privilege Levels Below User3MitchAlsup1
9 Jun 24 ii`* Re: Privilege Levels Below User2BGB
10 Jun 24 ii `- Re: Privilege Levels Below User1Lawrence D'Oliveiro
10 Jun 24 i`* Re: Privilege Levels Below User3Terje Mathisen
10 Jun 24 i `* Re: Privilege Levels Below User2Anton Ertl
10 Jun 24 i  `- Re: Privilege Levels Below User1BGB
8 Jun 24 +- Re: Privilege Levels Below User1Chris M. Thomasson
9 Jun 24 +* Re: Privilege Levels Below User2John Savard
11 Jun 24 i`- Re: Privilege Levels Below User1Lawrence D'Oliveiro
9 Jun 24 `* Re: Privilege Levels Below User28John Savard
9 Jun 24  +* Re: Privilege Levels Below User25Anton Ertl
9 Jun 24  i`* Re: Privilege Levels Below User24John Savard
9 Jun 24  i +- Re: Privilege Levels Below User1MitchAlsup1
10 Jun 24  i `* Re: Privilege Levels Below User22Anton Ertl
10 Jun 24  i  +- Re: Privilege Levels Below User1MitchAlsup1
11 Jun 24  i  `* Re: Privilege Levels Below User20John Savard
11 Jun 24  i   +* Re: Privilege Levels Below User14MitchAlsup1
11 Jun 24  i   i+* Re: Privilege Levels Below User3MitchAlsup1
11 Jun 24  i   ii`* Re: Privilege Levels Below User2John Savard
11 Jun 24  i   i`* Re: Privilege Levels Below User10John Savard
11 Jun 24  i   `* Re: Privilege Levels Below User5Niklas Holsti
9 Jun 24  `* Re: Privilege Levels Below User2MitchAlsup1

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal