#### Lessons 1. [[03 - Protecting TCB from untrusted applications#Processes & address spaces|Processes and Address Spaces]] 2. [[Memory management in modern processor architectures (Intel x86)|Supporting Address Space on Modern Processors]] 3. [[Memory management in modern processor architectures (Intel x86)#Address translation|Logical/Virtual Addresses & Their Translation]] 4. [[Memory management in modern processor architectures (Intel x86)#x86 address translation|x86 Address Translation]] 5. [[Memory management in modern processor architectures (Intel x86)#Some observations|Some Observations About Address Translation]] 6. [[Protecting program memory in x86 architecture|Protecting Program Memory in the x86 Architecture]]    7. [[Protecting program memory in x86 architecture|Some More Memory Protection Details]] 8. [[Changing privilege levels and system calls|Changing Privilege Level and System Calls]] 9. [[Privileged instructions|Privileged instructions]] 10. [[Attacks against hardware and operating systems|Attacks Against Hardware and Operating Systems]] 11. [[System-level software security techniques|Memory Protection and Software Security]] One of the [[TCB - Trusted Computing Base#Complete mediation|TCB]] requirements mandates, ==TCB must be isolated from untrusted code== ## Processes & address spaces We trust that the hardware works. The hardware provides two mechanisms for isolating the [[TCB - Trusted Computing Base|TCB]] and applications (processes): 1. [[Processor execution modes]] (privilege levels) 2. [[Privileged instructions]] An address space is a unit of protection/isolation. A process/program executes in an address space. A processor executes instructions, and does the following: 1. Extended Instruction Pointer (EIP) holds a pointer to the next instruction 2. Operands point to data which is operated on by an instruction\ 3. Executes next instruction Addresses are logical and must be translated to (or mapped to) actual physical addresses. Two processes may reference the same logical address, but each process's logical address maps to a different physical address. [[TCB - Trusted Computing Base|TCB]] must control the [[Memory management in modern processor architectures (Intel x86)#Address translation|address translation]] process to ensure that executing code can only access memory that is made available to it. ### Highly simplified idea for memory protection • Base and bounds register can limit when user code of a program runs • These registers can only be loaded in system mode (privileged instructions) ==When you are executing user code, you do not have the ability to make system level calls.== ---- ### Sources 1. Georgia Tech Module Lectures from Secure Computer Systems 2. [OMSCS Lecture Notes](https://www.omscs-notes.com/secure-computer-systems/03-protecting-tcb/) 3. Chapter 5 of [Intel 64 and IA-32 Architecture Software Developer's Manual](http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-system-programming-manual-325384.pdf)  4. [Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors](http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf) 5. [Exploiting the DRAM rowhammer bug to gain kernel privileges, Google Project Zero](https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html)