DOCSLIB.ORG

Mitigation of Virtunoid Attacks on Cloud Computing Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mitigation of Virtunoid Attacks on Cloud Computing Systems IT 15 005 Examensarbete 15 hp Februari 2015 Mitigation of Virtunoid Attacks on Cloud Computing Systems Daniel McKinnon Forsell Institutionen för informationsteknologi Department of Information Technology Abstract Mitigation of Virtunoid Attacks on Cloud Computing Systems Daniel McKinnon Forsell Teknisk- naturvetenskaplig fakultet UTH-enheten Virtunoid is a proof of concept exploit abusing a vulnerability in the open source hardware virtualisation control program QEMU-KVM. The vulnerability originally Besöksadress: stems from improper hotplugging of emulated embedded circuitry in the Intel PIIX4 Ångströmlaboratoriet Lägerhyddsvägen 1 southbridge resulting in memory corruption and dangling pointers. The exploit can be Hus 4, Plan 0 used to compromise the availability of the virtual machine, or to escalate privileges compromising the confidentiality of the resources in the host system. The research Postadress: presented in this dissertation shows that the discretionary access control system, Box 536 751 21 Uppsala provided by default in most Linux operating systems, is insufficient in protecting the QEMU-KVM hypervisor against the Virtunoid exploit. Further, the research presented Telefon: in this dissertation shows that the open source solutions AppArmor and grsecurity 018 – 471 30 03 enhances the Linux operating system with additional protection against the Virtunoid Telefax: exploit through mandatory access control, either through profiling or role-based 018 – 471 30 00 access control. The research also shows that the host intrusion prevention system PaX does not provide any additional protection against the Virtunoid exploit. The Hemsida: comprehensive and detailed hands-on approach of this dissertation holds the ability to http://www.teknat.uu.se/student be reproduced and quantified for comparison necessary for future research. Handledare: Edith C. H. Ngai Ämnesgranskare: Björn Victor Examinator: Olle Gällmo IT 15 005 Tryckt av: Reprocentralen ITC Abstract Virtunoid is a proof of concept exploit abusing a vulnerability in the open source hardware virtualisation control program QEMU-KVM. The vulnerability originally stems from improper hotplugging of emulated embedded circuitry in the Intel PIIX4 southbridge resulting in memory corruption and dangling point- ers. The exploit can be used to compromise the availability of the virtual ma- chine, or to escalate privileges compromising the confidentiality of the resources in the host system. The research presented in this dissertation shows that the discretionary access control system, provided by default in most Linux oper- ating systems, is insufficient in protecting the QEMU-KVM hypervisor against the Virtunoid exploit. Further, the research presented in this dissertation shows that the open source solutions AppArmor and grsecurity enhances the Linux op- erating system with additional protection against the Virtunoid exploit through mandatory access control, either through profiling or role-based access control. The research also shows that the host intrusion prevention system PaX does not provide any additional protection against the Virtunoid exploit. The com- prehensive and detailed hands-on approach of this dissertation holds the ability to be reproduced and quantified for comparison necessary for future research. Acknowledgements During 2014 I spent the summer and autumn at the Department of Information Technology at Uppsala University, Sweden, to conduct research and write my bachelor of science dissertation in computer science. Information technology and IT-security have long been a great passion for me personally, and I am very grateful to have been given the opportunity to perform my research as a member of the departments research community. I would like to extend my gratitude to Dr. Edith Ngai for her supervision of my work and her invaluable insights, guidance, and support. Further, I would also like to thank Dr. Björn Victor for his excellent support as my reviewer ensuring the quality of my work. Uppsala, February 2015 vii Contents 1 Introduction 1 1.1 The Realm of Virtualisation . 2 1.2 SecurityThreats ........................... 3 1.3 Problem Formulation . 4 1.4 Experiment Variables . 4 1.4.1 Dependent Variables . 5 1.4.2 IndependentVariables . 5 1.5 Research Question . 5 1.6 Research Project Outline . 5 1.7 Delimination of the Research Project . 5 1.8 Structure of the Dissertation . 6 2 Related Work 7 2.1 Security Aspects Related to Virtualisation . 7 2.2 Defining Virtualisation Security and Related Vulnerabilities . 9 2.3 Protecting KVM . 10 3 Technical Foundations 13 3.1 ThreeTypesofHypervisors . 13 3.2 The Family of Unix-like Operating Systems . 15 3.3 At the Inner Core of The Linux Operating System . 15 3.4 Linux Security Modules Framework to Affirm Choice . 16 3.5 TheKernel-basedVirtualMachine . 17 3.6 QEMU – Quick EMUlator . 17 3.7 QEMU-KVM Symbiosis . 18 3.8 Mandatory Access Control with AppArmor . 18 3.9 Role-based Access Control with grsecurity . 19 4 Introducing the Vulnerability and the Exploit 21 4.1 The CVE-2011-1751 Vulnerability . 21 4.2 Elaborating on The Exploit . 25 5 Executing Virtunoid in Different Settings 29 5.1 Preparing the Lab Environment . 29 5.2 TheLabHostSystem ........................ 30 5.3 Reconnaissance and Information Gathering . 34 5.4 Setting Up the Attack . 35 5.5 BackDoorAssuringContinuedAccess . 36 ix 5.6 SecuringtheSystemwithAppArmor . 38 5.7 Enabling the grsecurity Role-based Access Control System . 40 5.8 Hardening the System Using PaX . 42 6 Results 45 6.1 Results . 45 6.2 Testing the Attack Without Protection . 45 6.3 Mandatory Access Control using AppArmor . 47 6.4 Role-based Access Control using grsecurity . 48 6.5 Kernel Security Hardening using PaX . 49 6.6 SummaryandComparisonoftheMethods. 50 7 Discussion 53 7.1 TheMethod.............................. 53 7.2 Limitations to the Research . 54 7.3 AppArmor . 54 7.4 grsecurity/PaX . 55 8 Conclusions and Future Work 57 x List of Figures 1.1 Virtualisation-based cloud computing [30] . 2 3.1 Simplified type 1 hypervisor architecture [30] . 14 4.1 SimplifiedComputerArchitecture[4] . 22 4.2 Intel 82371AB (PIIX4) Southbridge Circuitry Architecture [15] . 23 4.3 The data structures in the real-time clock emulation layer . 24 4.4 RTCState freed after unplugging the ISA bridge . 25 4.5 Using QEMU-KVM network stack to inject data to old RTCState 26 5.1 Theexperimentsetup ........................ 30 5.2 Cryptographic hashes for QEMU-KVM binaries . 32 5.3 Linux Debian guest operating system . 34 5.4 CreatingarawTCPsocket . 37 5.5 AppArmor learning the behaviour of QEMU-KVM . 39 5.6 Creating the AppArmor profile for QEMU-KVM . 40 5.7 QEMU-KVM AppArmor profile . 41 5.8 Verifying that grsecurity RBAC is activated . 41 5.9 Saving the learning experience to a plain-text file . 41 5.10 Verifying the signature . 42 5.11 Configuringthekernel . 43 6.1 View from Kali Linux before and after the attack . 46 6.2 View from the guest system after the attack . 46 6.3 View from the host server system after the attack . 46 6.4 Cracking the cryptographic hash . 47 6.5 Theguestvirtualmachinecrashed . 48 6.6 AppArmor log entry . 48 6.7 Verifying that grsecurity RBAC is activated . 49 6.8 Output from Virtunoid . 49 6.9 Testing QEMU-KVM with all PaX flags activated . 50 xi List of Tables 5.1 Detailed software specification . 30 5.2 Detailed hardware specification Apple MacBook MB467LL/A . 31 5.3 Relevant binaries and respective cryptographic hashes . 33 6.1 Tabular comparison of the methods . 51 xiii Chapter 1 Introduction Cloud computing as a term is focused on the concept of hiding technical aspects through abstraction. The term is often used in business contexts where the need for technical depth might not be particularly high [6]. Cloud computing systems in the context of this dissertation project is defined as the high level technological concept implemented to make a transition from the traditional and physical server room into the cloud. The cloud, at a lower level, consist of abstract virtual server machines. These virtual machines are virtualised by so called virtual machine management software [6]. Replacing the traditional local server room with off site multi tenancy cloud computing systems is becoming increasingly popular [6]. This transition comes with serious risks and threats against the confidentiality and availability of information technology assets [41]. These issues must be addressed to sus- tain the stakeholders trust in these attractive systems. At the heart of most virtualisation-based cloud computing systems lies the hypervisor [1], i.e. the hardware virtualisation control program responsible for abstracting hardware to provide entire virtual computer systems. QEMU-KVM is a popular open- source hypervisor available for Linux-based operating systems [31]. Virtunoid is a proof of concept exploit abusing a vulnerability in the QEMU-KVM hy- pervisor that could be used for guest to host breakout and privilege escalation [27]. The research presented in this dissertation shows that the discretionary ac- cess control, provided by default in most Unix-like operating systems [1], is in- sufficient in protecting against a number of vulnerabilities related to the QEMU- KVM hypervisor and, as presented in this dissertation, against the Virtunoid exploit in particular. This research project tries to identify solutions that can be used to protect the QEMU-KVM hypervisor against so called guest to host arbitrary code execution made possible by so called dangling pointer bugs. Dan- gling pointer bugs are a
Load more

Recommended publications
  • Storage Administration Guide Storage Administration Guide SUSE Linux Enterprise Server 12 SP4
    SUSE Linux Enterprise Server 12 SP4 Storage Administration Guide Storage Administration Guide SUSE Linux Enterprise Server 12 SP4 Provides information about how to manage storage devices on a SUSE Linux Enterprise Server. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xii 2 Giving Feedback xiv 3 Documentation Conventions xiv 4 Product Life Cycle and Support xvi Support Statement for SUSE Linux Enterprise Server xvii • Technology Previews xviii I FILE SYSTEMS AND MOUNTING 1 1 Overview
    [Show full text]
  • Security Assurance Requirements for Linux Application Container Deployments
    NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli Computer Security Division Information Technology Laboratory This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 October 2017 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology NISTIR 8176 SECURITY ASSURANCE FOR LINUX CONTAINERS National Institute of Standards and Technology Internal Report 8176 37 pages (October 2017) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. This p There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each ublication is available free of charge from: http publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.
    [Show full text]
  • Course Outline & Schedule
    Course Outline & Schedule Call US 408-759-5074 or UK +44 20 7620 0033 Suse Linux Advanced System Administration Curriculum Linux Course Code SLASA Duration 5 Day Course Price $2,425 Course Description This instructor led SUSE Linux Advanced System Administration training course is designed to teach the advanced administration, security, networking and performance tasks required on a SUSE Linux Enterprise system. Targeted to closely follow the official LPI curriculum (generic Linux), this course together with the SUSE Linux System Administration course will enable the delegate to work towards achieving the LPIC-2 qualification. Exercises and examples are used throughout the course to give practical hands-on experience with the techniques covered. Objectives The delegate will learn and acquire skills as follows: Perform administrative tasks with supplied tools such as YaST Advanced network configuration Network troubleshooting and analysing packets Creating Apache virtual hosts and hosting user web content Sharing Windows and Linux resources with SAMBA Configuring a DNS server and configuring DNS logging Configuring a DHCP server and client Sharing Linux network resources with NFS Creating Unit Files Configuring AutoFS direct and indirect maps Configuring a secure FTP server Configuring a SQUID proxy server Creating Btrfs subvolumes and snapshots Backing-up and restoring XFS filesystems Configuring LVM and managing Logical Volumes Managing software RAID Centralised storage with iSCSI Monitoring disk status and reliability with SMART Perpetual
    [Show full text]
  • How SUSE Helps Pave the Road to S/4HANA
    White Paper How SUSE Helps Pave the Road to S/4HANA Sponsored by: SUSE and SAP Peter Rutten Henry D. Morris August 2017 IDC OPINION According to SAP, there are now 6,800 SAP customers that have chosen S/4HANA. In addition, many more of the software company's customers still have to make the decision to move to S/4HANA. These customers have to determine whether they are ready to migrate their database for mission-critical workloads to a new database (SAP HANA) and a new application suite (S/4HANA). Furthermore, SAP HANA runs on Linux only, an operating environment that SAP customers may not have used extensively before. This white paper discusses the choices SAP customers have for migrating to S/4HANA on Linux and looks at how SUSE helps customers along the way. SITUATION OVERVIEW Among SAP customers, migration from traditional databases to the SAP HANA in-memory platform is continuing steadily. IDC's Data Analytics Infrastructure (SAP) Survey, November 2016 (n = 300) found that 49.3% of SAP customers in North America are running SAP HANA today. Among those that are not on SAP HANA, 29.9% will be in two to four years and 27.1% in four to six years. The slower adopters say that they don't feel rushed, stating that there's time until 2025 to make the decision, and that their current databases are performing adequately. While there is no specific order that SAP customers need to follow to get to S/4HANA, historically businesses have often migrated to SAP Business Warehouse (BW) on SAP HANA first as BW is a rewarding starting point for SAP HANA for two reasons: there is an instant performance improvement and migration is relatively easy since BW typically does not contain core enterprise data that is business critical.
    [Show full text]
  • Securing Server Applications Using Apparmor TUT-1179
    Securing Server Applications Using AppArmor TUT-1179 Brian Six Sales Engineer – SUSE [email protected] 1 Agenda AppArmor Introduction How to interact and configure Demo with simple script Can AppArmor help with containers Final thoughts 2 Intro to AppArmor 3 What is AppArmor? Bad software does what it shouldn’t do Good software does what it should do Secure software does what it should do, and nothing else AppArmor secures the Good and the Bad software 4 What is AppArmor? Mandatory Access Control (MAC) security system Applies policies to Applications Access to files and paths, network functions, system functions 5 What is AppArmor? Dynamic for existing profiled applications Regardless of the “user” the process is running as, the policy can be enforced. Root is no exception. 6 What is AppArmor? 7 Architecture Logging and OS Component Application Alerting AppArmor AppArmor Interface Application Profile AppArmor Linux Kernel 2.6 and later LSM Interface 8 How To Interact And Configure 9 How To Interact With AppArmor Apparmor-Utils First Install package 10 How To Interact With AppArmor Used more often 11 What Do Some Of These Do aa-status: Display aa-genprof : Create aa-logprof: Update aa-complain: Set a aa-enforce: Set a status of profile a profile an existing profile profile in complain profile in enforce enforcement mode mode 12 Common Permissions r – read w – write k – lock ux - unconstrained execute Ux - unconstrained execute – scrub px – discrete profile execute Px - discrete profile execute – scrub ix - inherit execute cx - local security profile l – link a – append m - mmap 13 Profile At-A-Glance https://doc.opensuse.org/documentation/leap/archive/42.3/security/html/book.security/cha.apparmor.profiles.html # a comment about foo's local (children) profile for #include <tunables/global> /usr/bin/foobar.
    [Show full text]
  • Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners
    Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners Definitions and Support Level Descriptions ACC: Additional Customer Contract necessary L1: Installation and problem determination, which means technical support Configuration designed to provide compatibility information, installation assistance, usage support, on-going maintenance and basic troubleshooting. Level 1 Support is not intended to correct product defect errors. L2: Reproduction of problem isolation, which means technical support designed to Potential Issues duplicate customer problems, isolate problem area and provide resolution for problems not resolved by Level 1 Support. L3: Code Debugging and problem resolution, which means technical support designed Patch Provision to resolve complex problems by engaging engineering in resolution of product defects which have been identified by Level 2 Support. Servicelevel Package Short Name Package Description SLES10 SP3 s390x 844-ksc-pcf Korean 8x4x4 Johab Fonts L2 a2ps Converts ASCII Text into PostScript L2 aaa_base SUSE Linux Base Package L3 aaa_skel Skeleton for Default Users L3 aalib An ASCII Art Library L2 aalib-32bit An ASCII Art Library L2 aalib-devel Development Package for AAlib L2 aalib-devel-32bit Development Package for AAlib L2 acct User-Specific Process Accounting L3 acl Commands for Manipulating POSIX Access Control Lists L3 adaptec-firmware Firmware files for Adaptec SAS Cards (AIC94xx Series) L3 agfa-fonts Professional TrueType Fonts L2 aide Advanced Intrusion Detection Environment L2 alsa Advanced Linux Sound Architecture L3 alsa-32bit Advanced Linux Sound Architecture L3 alsa-devel Include Files and Libraries mandatory for Development. L2 alsa-docs Additional Package Documentation. L2 amanda Network Disk Archiver L2 amavisd-new High-Performance E-Mail Virus Scanner L3 amtu Abstract Machine Test Utility L2 ant A Java-Based Build Tool L3 anthy Kana-Kanji Conversion Engine L2 anthy-devel Include Files and Libraries mandatory for Development.
    [Show full text]
  • Writing Kernel Exploits
    Writing kernel exploits Keegan McAllister January 27, 2012 Keegan McAllister Writing kernel exploits Why attack the kernel? Total control of the system Huge attack surface Subtle code with potential for fun bugs Keegan McAllister Writing kernel exploits Kernel security Kernel and user code coexist in memory Kernel integrity depends on a few processor features: Separate CPU modes for kernel and user code Well-defined transitions between these modes Kernel-only instructions and memory Keegan McAllister Writing kernel exploits User vs. kernel exploits Typical userspace exploit: Manipulate someone's buggy program, locally or remotely Payload runs in the context of that user Typical kernel exploit: Manipulate the local kernel using system calls Payload runs in kernel mode Goal: get root! Remote kernel exploits exist, but are much harder to write Keegan McAllister Writing kernel exploits Scope We'll focus on the Linux kernel and 32-bit x86 hardware. Most ideas will generalize. References are on the last slides. Keegan McAllister Writing kernel exploits Let's see some exploits! We'll look at Two toy examples Two real exploits in detail Some others in brief How to harden your kernel Keegan McAllister Writing kernel exploits NULL dereference Keegan McAllister Writing kernel exploits A simple kernel module Consider a simple Linux kernel module. It creates a file /proc/bug1. It defines what happens when someone writes to that file. Keegan McAllister Writing kernel exploits bug1.c void (*my_funptr)(void); int bug1_write(struct file *file, const char *buf, unsigned long len) { my_funptr(); return len; } int init_module(void){ create_proc_entry("bug1", 0666, 0) ->write_proc = bug1_write; return 0; } Keegan McAllister Writing kernel exploits The bug $ echo foo > /proc/bug1 BUG: unable to handle kernel NULL pointer dereference Oops: 0000 [#1] SMP Pid: 1316, comm: bash EIP is at 0x0 Call Trace : [<f81ad009>] ? bug1_write+0x9/0x10 [bug1] [<c10e90e5>] ? proc_file_write+0x50/0x62 ..
    [Show full text]
  • High Velocity Kernel File Systems with Bento
    High Velocity Kernel File Systems with Bento Samantha Miller, Kaiyuan Zhang, Mengqi Chen, and Ryan Jennings, University of Washington; Ang Chen, Rice University; Danyang Zhuo, Duke University; Thomas Anderson, University of Washington https://www.usenix.org/conference/fast21/presentation/miller This paper is included in the Proceedings of the 19th USENIX Conference on File and Storage Technologies. February 23–25, 2021 978-1-939133-20-5 Open access to the Proceedings of the 19th USENIX Conference on File and Storage Technologies is sponsored by USENIX. High Velocity Kernel File Systems with Bento Samantha Miller Kaiyuan Zhang Mengqi Chen Ryan Jennings Ang Chen‡ Danyang Zhuo† Thomas Anderson University of Washington †Duke University ‡Rice University Abstract kernel-level debuggers and kernel testing frameworks makes this worse. The restricted and different kernel programming High development velocity is critical for modern systems. environment also limits the number of trained developers. This is especially true for Linux file systems which are seeing Finally, upgrading a kernel module requires either rebooting increased pressure from new storage devices and new demands the machine or restarting the relevant module, either way on storage systems. However, high velocity Linux kernel rendering the machine unavailable during the upgrade. In the development is challenging due to the ease of introducing cloud setting, this forces kernel upgrades to be batched to meet bugs, the difficulty of testing and debugging, and the lack of cloud-level availability goals. support for redeployment without service disruption. Existing Slow development cycles are a particular problem for file approaches to high-velocity development of file systems for systems.
    [Show full text]
  • Versa 2700 Series Service and Reference Guide
    SOLD BY laptopia2005 DO NOT RESELL!! PROPRIETARY NOTICE AND LIABILITY DISCLAIMER The information disclosed in this document, including all designs and related materials, is the valuable property of NEC Computer Systems Division, Packard Bell NEC, Inc. (NECCSD, PBNEC) and/or its licensors. NECCSD and/or its licensors, as appropriate, reserve all pat- ent, copyright and other proprietary rights to this document, including all design, manufactur- ing, reproduction, use, and sales rights thereto, except to the extent said rights are expressly granted to others. The NECCSD product(s) discussed in this document are warranted in accordance with the terms of the Warranty Statement accompanying each product. However, actual performance of each such product is dependent upon factors such as system configuration, customer data, and operator control. Since implementation by customers of each product may vary, the suitability of specific product configurations and applications must be determined by the customer and is not warranted by NECCSD. To allow for design and specification improvements, the information in this document is subject to change at any time, without notice. Reproduction of this document or portions thereof without prior written approval of NECCSD is prohibited. NEC is a registered trademark, Versa is a U.S. registered trademark, VersaGlide, and PortBar are trademarks, and UltraCare is a U.S. registered service mark of NEC Corporation, used under license. FaxFlash is a service mark of NEC Computer Systems Division (NECCSD), Packard Bell NEC, Inc. All other product, brand, or trade names used in this publication are the property of their respective owners. Second Printing — November 1997 Copyright 1997 NEC Computer Systems Division, Packard Bell NEC, Inc.
    [Show full text]
  • 3. Das LPC-Interface 3.1
    PCTEC14 Seite 1 3. Das LPC-Interface 3.1. Grundlagen 3.1.1. Einsatzgebiet LPC = Low Pin Count Interface Specification (= “Interface mit geringer Anschlußzahl”). Das LPC-Interface ist ein synchroner Zeitmultiplex-Bus, an den vorzugsweise PC-typische “Standard- und Klein-Peripherie” angeschlossen werden soll. Das betrifft Floppy-Disk-Controller, Tastatur-Controller, Realzeituhr, Schnittstellen-Controller, Audio-Hardware, Systemverwaltungseinrichtungen usw. sowie ROM-Speicheranordnungen (für POST, BIOS, Systemverwaltung usw.). LPC ist ein Interface zwischen Schaltkreisen auf jeweils einer einzigen Leiterplatte (vorzugsweise: auf einem PC-Motherboard); Steckplätze (Slots) sind nicht vorgesehen. LPC soll den bisher als Schaltkreis-Interface verwendeten ISA- bzw. X-Bus ablösen (Abbildungen 3.1 bis 3.3). Die LPC-Spezifikation wurde von Intel entwickelt und 1997 erstmals veröffentlicht (sie ist im Internet zugänglich). Die Entwicklungsziele: # etwas Moderneres als den ISA- oder X-Bus, # beträchtliche Verringerung der Leitungs- und Anschlußzahlen (Kostensenkung), # funktionelle Abwärtskompatibilität zum ISA- bzw. X-Bus (LPC soll dieselben Zugriffe ausführen können: Speicherzugriffe, E-A-Zugriffe, DMA-Betrieb, Busmasterbetrieb, Unterstützung von Wartezuständen, Interruptsignalisierung), # Unterstützung des gesamten linearen Speicheradreßraums (4 GBytes), # Unterstützung von Sonderfunktionen und -betriebsarten (Stromsparsteuerung, Systemverwaltung), # synchrone Arbeitsweise, # Datenraten und Latenzzeiten in derselben Größenordnung wie beim ISA- bzw. X-Bus (LPC muß nicht “schneller” sein; eine Datenrate von 1...2 MBytes/s genügt vollkommen), # Unterstützung weiterer (moderner) Bussysteme (z. B. USB) ist nicht erforderlich (an ein LPC-Interface werden grundsätzlich keine USB-Controller o. dergl. angeschlossen). Abbildung 3.1 Herkömmliches Motherboard mit X-Bus (nach: Intel) Erklärung: Die in der Abbildung dargestellten Speicher- und E-A-Schaltkreise werden herkömmlicherweise direkt an den ISA- Bus oder an den X-Bus angeschlossen.
    [Show full text]
  • New Security Enhancements in Red Hat Enterprise Linux V.3, Update 3
    New Security Enhancements in Red Hat Enterprise Linux v.3, update 3 By Arjan van de Ven Abstract This whitepaper describes the new security features that have been added to update 3 of Red Hat Enterprise Linux v.3: ExecShield and support for NX technology. August 2004 Table of Contents Introduction 2 Types of Security Holes 2 Buffer Overflows 3 Countering Buffer Overflows 4 Randomization 6 Remaining Randomization: PIE Binaries 7 Compatibility 8 How Well Does it Work? 9 Future Work 10 ¢¡¤£¦¥¨§ © ¤ ¦ ¨¢ ¨ ! ¨! "¨ $#!© ¨%¦&¨¦ ¨! ¤' ¨¡(*)+¤-, ¡ ¡¤.!+ !£§ ¡¤%/ 01, © 02 ".§ + § ¨.)+.§ 3¦01¡.§4§ .© 02 .§ + § ¨.)+.§ 3¦01¡54¢! . !! !© 6¢'7.!"¡ .§.8¡.%¨¦ § © ¨0 #© %8&9© 0:§ ¨ ¨© 02 .§ ¨+ § ¨.)+¤§ 3;¡!54#!© %!0;<=¡.§ >!¨, ¨0 ¦?@BA$¨C.6B'ED8F ! Introduction The world of computer security has changed dramatically in the last few years. Network security used to be about one dedicated hacker trying to get into one government computer, but now it is often about automated mass attacks. The SQL Slammer and Code Red worms were the first wide-scale computer security incidents to get mainstream press coverage. Linux has had similar, less-invasive worms in the past, such as the Slapper worm of 2002. Another relatively new phenomenon is that compromised computers are primarily being used for other purposes, including sending spam or participating in Distributed Denial of Service (DDOS) attacks. A contributing factor to the mass-compromise problem is that a large portion1 of users and system administrators generally do not apply the security fixes that are provided by the operating system vendor. This leaves a significant number of vulnerable machines connected to the Internet at all times. Providing security updates after the fact, however, is not sufficient.
    [Show full text]
  • Pentium III Processor Active Thermal Management Techniques
    Pentium® III Processor Active Thermal Management Techniques Application Note August 2000 Order Number: 273405-001 Information in this document is provided in connection with Intel® products. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. Except as provided in Intel's Terms and Conditions of Sale for such products, Intel assumes no liability whatsoever, and Intel disclaims any express or implied warranty, relating to sale and/or use of Intel products including liability or warranties relating to fitness for a particular purpose, merchantability, or infringement of any patent, copyright or other intellectual property right. Intel products are not intended for use in medical, life saving, or life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined.” Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The Pentium® III processor may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placin g your product order. Copies of documents which have an ordering number and are referenced in this document, or other Intel literature may be obtained by calling 1-800- 548-4725 or by visiting Intel's website at http://www.intel.com. Copyright © Intel Corporation, 2000 *Third-party brands and names are the property of their respective owners.
    [Show full text]