Re: Securing data in memory (was "Locking physical memory (fwd)

Forwarded message:
Date: Sat, 28 Nov 1998 17:41:53 +0100
From: Anonymous <nobody@replay.com>
Subject: Re: Securing data in memory (was "Locking physical memory (fwd)

> What is Choate thinking when he says the ENTIRE OS is run under this?

My mistake. Since it really does only handle individual apps it's of limited utility in the Windows world because of the numerous ways to get system level access.

> This is a driver which is used by the application to allocate specific memory buffers in non-swappable memory. It allows the app to lock down those buffers so that they won't swap to disk. These buffers can then be used to hold sensitive data.

Considering that this doesn't prohibit apps from getting access to that memory, it only prohibits that memory page from being written to disk, it has limited utility. Its only real protection is against disk scans. For example a bogus service could gain system level and initiate a DMA transfer of that non-swappable ram into their own address space.

> It is neither possible nor desirable to run the ENTIRE OS out of such buffers.

Sure it is. It's the entire reason to have big online memory pools. Ideally you'd have a computer with nothing but gigs and gigs of ram and no hard drive at all.

> It is not possible because the OS is already written. It is Windows 3.x/95/98 (see above). That OS does not make the special driver calls which would be necessary to allocate non-swappable memory. You would have to rewrite Windows to use the special calls, which isn't possible for a luser like Choate.

No, simply provide it enough ram it never has to swap out to disk except in the case of updates to files. If ram's that cheap we could do away with the drive completely.

> And it's not even desirable. There is no reason to make the ENTIRE OS use non-swappable memory.

Then why do I (and you unless you're using a tty) keep adding ram to my Win/Linux/Solaris/AIX/HP/etc. boxes to reduce the swapping that is taking place? It's slow, we put up with it because we can't afford those hundreds of megs of ram to hold our app and the entire database file (for example).

> Most memory is simply not that sensitive. It holds public data, or data which is already on the disk in some form. Putting the ENTIRE OS into non-swappable memory gives up much of the advantage of having virtual memory in the first place. It would be a giant step backwards in OS architecture.

No, it wouldn't. The question of swap or virtual space is one of economics and not computer architecture. If it were economically feasible there would be no drives just fast main ram.

____________________________________________________________________

Technology cannot make us other than what we are.
James P. Hogan

The Armadillo Group
James Choate
Austin, Tx
ravage@ssz.com
www.ssz.com
512-451-7087
--------------------------------------------------------------------
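
The driver discussed above is for Windows 95/98; the same idea on a POSIX system, as an added example that is not part of the original thread (secret_buf, secret_alloc, secret_free and secure_wipe are names made up here). It locks a page-aligned buffer against swapping, records whether the lock actually took, and wipes before release; as the posts say, this keeps the pages off the swap device only and does nothing against code that can already read the process's memory.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    unsigned char *p;   /* page-aligned mapping, NULL on failure */
    size_t len;         /* length rounded up to whole pages */
    int locked;         /* 1 if mlock() succeeded, 0 if pages may still swap */
};

/* Write zeros through a volatile pointer so the stores are not optimised away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static struct secret_buf secret_alloc(size_t want) {
    struct secret_buf b = { NULL, 0, 0 };
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return b;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return b;
    b.p = m;
    b.len = len;
    /* mlock() fails (ENOMEM or EPERM) when RLIMIT_MEMLOCK is too low. */
    b.locked = (mlock(m, len) == 0);
    return b;
}

static void secret_free(struct secret_buf *b) {
    if (!b->p) return;
    secure_wipe(b->p, b->len);               /* wipe before the pages go back */
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void) {
    struct secret_buf b = secret_alloc(64);
    if (!b.p) return 1;
    if (!b.locked) fprintf(stderr, "warning: buffer not locked, may swap\n");
    memcpy(b.p, "constructed-sample-key", 22);   /* constructed sample secret */
    secret_free(&b);
    return 0;
}
```

A caller that must not risk swap should treat `locked == 0` as a hard failure rather than a warning.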

At 11:44 AM 11/28/98 -0600, Jim Choate wrote:
> My mistake. Since it really does only handle individual apps it's of limited utility in the Windows world because of the numerous ways to get system level access. [....] Considering that this doesn't prohibit apps from getting access to that memory, it only prohibits that memory page from being written to disk, it has limited utility. Its only real protection is against disk scans.

Sure; it's only trying to do a limited scope of security protection. Trying to protect an entire Win95/98 system is a much bigger job (about like trying to keep water in an upside-down sieve :-) Even running entirely in RAM doesn't prevent applications from stealing keystrokes, or stealing each others' RAM, or crashing the graphics subsystem, or hosing the network. Windows NT, under some limited circumstances, has been rated C2 Orange Book, but that only means you can't steal most things without creating a log file entry. Don't expect Win95/98 to be something it's not.

> No, it wouldn't. The question of swap or virtual space is one of economics and not computer architecture. If it were economically feasible there would be no drives just fast main ram.

Computer architecture is _always_ a technical and economic tradeoff. Why not just run everything out of Level 1 Cache or registers? Disk drive makers keep making faster, cheaper, bigger drives, DRAM makers keep making DRAM faster, cheaper, and bigger, blazingly-fast SRAM makers keep making SRAM blazinglyer, in-between technology makers keep making flash ram and bubble memory in-betweener, bus makers make busses faster, etc., and the whole mess keeps evolving together.

Back in the mid-80s, Princeton University got some SDI money for the Massive Memory Machine Project, researching what you could do if you had enough memory for anything you wanted. Even with the CS approaches of the time, you'd do a lot of things differently. Their non-massive toy machine was a 1.5MIPS VAX with 128MB RAM - which took 10 extension racks to hold all the RAM. These days 128MB is cheap, as are 500 MIPS P2s, but 50GB of RAM is still bigger than most machines' busses will hold, and even 2GB of DRAM is a lot bigger and more power-hungry than most laptops can really support, much less 2GB of fast SRAM.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639