Hi,

Thanks for the detailed replies. From the inputs you guys gave, the instances must be sandboxed via calling different instances.

I have successfully compiled a L4Linux/Fiasco.OC and got the ISO running on bare metal. If I want to achieve the isolation of programs in different multiple L4Linux instances, are there any options to execute from the bare metal L4Linux/Fiasco.OC to spawn multiple instances at the same time and switch between them?

An example is to run a crypto server on one L4Linux instance that has access to sensitive key materials while exposing e.g. port 11111 on loopback network so that instance #2 will only be able to call instance #1 for crypto to protect from infection by malware accessing memory spaces and sensitive files with a particular instance?

Thanks & Regards,
Thoth.

On 26 Jul 2015 14:30, "Wolfgang Schmidt" <w_schm...@gmx.de> wrote:

> Hi,
>
> If both processes (malware and secured process) are running in the same
> Linux instance there will be no additional protection. If you have
> different, totally separated (*) instances, the attack room is smaller.
> If the attack vector of the malware is independent of processes it still
> can do harm.
>
> Let's construct an example. In 2013 Shamir showed a side channel where a
> smartphone listening to CPU sounds could reconstruct a GnuPG key by
> noises. Take a computer with an attached microphone (or integrated, like
> a tablet, laptop, ...) and let the malware be running in an environment
> accessing the microphone: a similar scenario can be used directly in the
> device.
>
> As a thought: You can also use a timer to see how active the generic
> scheduler of Genode is. With a high accuracy timer you can see how much
> time your process takes and therefore recompute how the CPU is utilized.
>
> Best regards
> Wolfgang
>
> * You will never have totally separated processes as you will always have
> some Genode components which can be seen as a shared resource. You will
> also not have a bug-free system.
>
> ------------------------------
> From: Thotheolh Tay <twzger...@gmail.com>
> Sent: 26.07.2015 06:44
> To: genode-main@lists.sourceforge.net
> Subject: Security compartmentalisation
>
> Hi,
>
> I would like some help understanding the below described scenario.
>
> An L4Linux/Genode/Fiasco.OC is used as the secure environment. If
> malware is executed on a process thread on the L4Linux layer, say to
> scrape the L4Linux to do memory dumps or to access the filesystem for
> crypto key files, how will the above setup protect against a malicious
> process thread? An example being a PGP email crypto program running on a
> process thread with another process thread infected by malware.
>
> Thanks & Regards,
> Thoth.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> genode-main mailing list
> genode-main@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main