Diffstat (limited to 'security/advanced/frm_process_thread.tex')
-rw-r--r--security/advanced/frm_process_thread.tex293
1 files changed, 271 insertions, 22 deletions
diff --git a/security/advanced/frm_process_thread.tex b/security/advanced/frm_process_thread.tex
index b58a452..ed9bfc3 100644
--- a/security/advanced/frm_process_thread.tex
+++ b/security/advanced/frm_process_thread.tex
@@ -3,7 +3,30 @@
% ----------------------------
\begin{frame}[fragile]
-\frametitle{Why isolating tasks?}
+\frametitle{Why Process isolation?}
+\begin{itemize}
+\item Embedded Application requires:
+ \begin{itemize}
+ \item concurrency
+ \item data persistence
+ \item access to (critical) HW
+ \item remote interface (field bus, network)
+ \end{itemize}
+\item Problem:
+ \begin{itemize}
+ \item attacks can compromise Application parts, which handle the remote access
+ \item compromised parts influence all other parts
+ \end{itemize}
+\item Solution:
+ \begin{itemize}
+ \item Process isolation
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Multithreaded Application}
\begin{figure}[h]
\centering
\includegraphics[width=5cm]{images/multithread_norm.png}
@@ -21,7 +44,50 @@
% ----------------------------
\begin{frame}[fragile]
-\frametitle{Multi-process vs. Multi-thread}
+\frametitle{Threads and Processes}
+\begin{itemize}
+\item Process
+ \begin{itemize}
+ \item one Virtual Address Space (VAS) per Process
+ \item 1..n Threads
+ \end{itemize}
+\item Thread
+ \begin{itemize}
+ \item separate schedulable entity
+ \item concurrent execution
+ \end{itemize}
+\item all Threads of a Process share the same VAS!
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Multiprocess vs. Multithread}
+\begin{itemize}
+\item Problem: if one Thread has been compromised \dots
+ \begin{itemize}
+ \item all other Threads of the Process are affected
+ \item malicious code has full access to VAS
+ \end{itemize}
+\item Solution Statement
+ \begin{enumerate}
+ \item define critical and non-critical tasks in Application
+ \item define a communication channel between both parts
+ \item isolate critical and non-critical tasks in separate Processes
+ \end{enumerate}
+\item Result
+ \begin{itemize}
+ \item compromised tasks can not directly access other parts
+ \item isolate malware/exploits from critical Application parts
+ \item opt: Plausibility check on communication channel
+ \end{itemize}
+\item \textbf{Process isolation is the base for ALL further security actions!}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Multiprocess Application}
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{images/multiproc_norm.png}
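Review bot: The "Result" list on the "Multiprocess vs. Multithread" slide marks the plausibility check on the communication channel as optional, but once the tasks are split, that channel is the only remaining path from a compromised non-critical process into the critical one, so validating everything received there is part of the solution, not an extra; I would replace the bullet with `\item validate ALL data received on the communication channel (it is the remaining attack surface)`. The claim "compromised tasks can not directly access other parts" also only holds if the processes are separated by more than a VAS: two processes under the same UID can usually send each other signals and, depending on the platform's ptrace restrictions (Yama on Linux), read each other's memory via ptrace or /proc/PID/mem. A short caveat such as `\item note: separate UIDs (or an equivalent confinement) are needed, same-UID processes can still ptrace/signal each other` would keep the slide from overstating what fork() alone buys.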
@@ -30,7 +96,7 @@
% ----------------------------
\begin{frame}[fragile]
-\frametitle{Multi-process under attack}
+\frametitle{Multiprocess Application under attack}
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{images/multiproc_attack.png}
@@ -38,14 +104,27 @@
\end{frame}
% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Multiprocess: Summary}
+\begin{itemize}
+\item Thread: separate scheduling/execution
+\item Process: separate scheduling/execution and memory (VAS)
+\item Communication: use Inter-Process-Communication (IPC) to connect Processes
+\item and all together: \\
+ \textbf{Process isolation is the base for ALL further security actions!}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
\subsubsection{Memory Management}
% ----------------------------
\begin{frame}[fragile]
-\frametitle{Memory Manangement}
+\frametitle{Memory Management}
\begin{itemize}
-\item create process context
-\item overload VMA
+\item fork(): create copy of Process context
+\item IPC: communication mechanisms
+\item execve(): overload Process context and execute it
\end{itemize}
\begin{figure}[h]
\centering
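Review bot: The "Memory Management" bullets describe fork() as a copy of the process context but do not mention that the copy includes everything the parent holds — secrets, buffers and every open file descriptor — and that execve() keeps those descriptors open unless they carry FD_CLOEXEC, which matters on a slide that motivates process isolation. I would add `\item note: fork() copies the whole VAS (incl. secrets) and open file-descriptors; execve() keeps file-descriptors without FD_CLOEXEC`, so the audience knows the child must drop what it does not need before it becomes the untrusted part. The surrounding frame continues past the hunk.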
@@ -58,34 +137,35 @@
% ----------------------------
\begin{frame}[fragile]
-\frametitle{Multiprocess Programming}
+\frametitle{Multiprocess Programming: Example}
\begin{columns}[onlytextwidth]
\begin{column}{0.45\textwidth}
\begin{beamerboxesrounded}[shadow=true]{Program:}
- \begin{tiny}
+ \begin{scriptsize}
\begin{verbatim}
[...]
-pid = fork();
-switch (pid) {
-case -1:
- /* error handling */
-case 0:
- /* child processing */
- execve(argv[0], &argv[0], envp);
- break;
-default:
+ret = fork();
+if (ret < 0)
+ /* error handling */;
+
+pid = ret;
+if (pid) {
/* parent processing */
[...]
pid = wait(&status);
+} else {
+ /* child processing */
+ execve(argv[0], &argv[0], envp);
+ break;
}
[...]
\end{verbatim}
- \end{tiny}
+ \end{scriptsize}
\end{beamerboxesrounded}
\end{column}
\begin{column}{0.45\textwidth}
\begin{beamerboxesrounded}[shadow=true]{Arguments:}
- \begin{tiny}
+ \begin{scriptsize}
\begin{verbatim}
char *argv[] = {
"/bin/myappl",
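Review bot: The `break;` left in the child branch of the rewritten example no longer compiles, because the old `switch` was replaced by `if (pid) { ... } else { ... }` and `break` is not valid outside a loop or switch. Since execve() only returns on failure, the child branch should instead end with explicit error handling and must not fall through into the parent's code, e.g. `execve(argv[0], &argv[0], envp);` followed by `/* only reached on error */ _exit(EXIT_FAILURE);`. The verbatim listing continues into the next hunk.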
@@ -94,10 +174,10 @@ char *argv[] = {
NULL,
};
\end{verbatim}
- \end{tiny}
+ \end{scriptsize}
\end{beamerboxesrounded}
\begin{beamerboxesrounded}[shadow=true]{Environment:}
- \begin{tiny}
+ \begin{scriptsize}
\begin{verbatim}
char *envp[] = {
"HOME=/myhome",
@@ -106,7 +186,176 @@ char *envp[] = {
NULL,
};
\end{verbatim}
- \end{tiny}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \end{column}
+\end{columns}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Inter-Process Communication (IPC)}
+\begin{itemize}
+\item Requirements
+ \begin{itemize}
+ \item communicate between Processes (e.g. Child to Parent)
+ \item private communication channel
+ \end{itemize}
+\item Solution Statement
+ \begin{enumerate}
+ \item open an anonymous pipe
+ \item duplicate process with fork()
+ \item Parent and Child choose a communication role
+ \begin{itemize}
+ \item Sender: close the read-FD and send data to write-FD
+ \item Listener: close the write-FD and listen on read-FD
+ \end{itemize}
+ \end{enumerate}
+\item Note:
+ \begin{itemize}
+ \item pipe-syscall opens two file-descriptors \\
+ (one for read from, and one for write to the pipe)
+ \item after fork-syscall, both processes has access to pipe file-descriptors
+ \item pipe communication is unidirectional
+ \end{itemize}
+\item Result
+ \begin{itemize}
+ \item private communication between Parent and Child
+ \item decoupled, buffered communication through pipe
+ \end{itemize}
+\item other IPC mechanisms (e.g. POSIX IPC) are also possible
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{IPC: Example with anonymous pipe (child -> parent)}
+\begin{columns}[onlytextwidth]
+ \begin{column}{0.45\textwidth}
+ \begin{beamerboxesrounded}[shadow=true]{Open Pipe before fork():}
+ \begin{scriptsize}
+ \begin{verbatim}
+int fds[2];
+
+/* open pipe file-descriptors */
+ret = pipe(fds);
+if (ret)
+ /* error handling */;
+
+ret = fork();
+if (ret < 0)
+ /* error handling */;
+pid = ret;
+
+/*
+ * Both processes, parent and
+ * child, has now access to the
+ * opened pipe file-descriptors.
+ */
+ \end{verbatim}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \end{column}
+ \begin{column}{0.45\textwidth}
+ \begin{beamerboxesrounded}[shadow=true]{Parent (Listener):}
+ \begin{scriptsize}
+ \begin{verbatim}
+if (pid) {
+ /* close pipe-write-fd */
+ close(fds[1]);
+
+ /* read data from pipe-read-fd */
+ while ((ret = read(fds[0],
+ &buf,1) > 0))
+ /* handle read data */;
+} else {
+ [...]
+}
+ \end{verbatim}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \begin{beamerboxesrounded}[shadow=true]{Child (Sender):}
+ \begin{scriptsize}
+ \begin{verbatim}
+if (pid) {
+ [...]
+} else {
+ /* close pipe-read-fd */
+ close(fds[0]);
+
+ /* send data to pipe-write-fd */
+ write(fds[1], buf,
+ strnlen(buf, BUF_LEN));
+}
+ \end{verbatim}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \end{column}
+\end{columns}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{IPC: Example with anonymous pipe (parent -> child)}
+\begin{columns}[onlytextwidth]
+ \begin{column}{0.45\textwidth}
+ \begin{beamerboxesrounded}[shadow=true]{Open Pipe before fork():}
+ \begin{scriptsize}
+ \begin{verbatim}
+int fds[2];
+
+/* open pipe file-descriptors */
+ret = pipe(fds);
+if (ret)
+ /* error handling */;
+
+ret = fork();
+if (ret < 0)
+ /* error handling */;
+pid = ret;
+
+/*
+ * Both processes, parent and
+ * child, has now access to the
+ * opened pipe file-descriptors.
+ */
+ \end{verbatim}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \end{column}
+ \begin{column}{0.45\textwidth}
+ \begin{beamerboxesrounded}[shadow=true]{Parent (Sender):}
+ \begin{scriptsize}
+ \begin{verbatim}
+if (pid) {
+ /* close pipe-read-fd */
+ close(fds[0]);
+
+ /* send data to pipe-write-fd */
+ write(fds[1], buf,
+ strnlen(buf, BUF_LEN));
+} else {
+ [...]
+}
+ \end{verbatim}
+ \end{scriptsize}
+ \end{beamerboxesrounded}
+ \begin{beamerboxesrounded}[shadow=true]{Child (Listener):}
+ \begin{scriptsize}
+ \begin{verbatim}
+if (pid) {
+ [...]
+} else {
+ /* close pipe-write-fd */
+ close(fds[1]);
+
+ /* read data from pipe-read-fd */
+ while ((ret = read(fds[0],
+ &buf, 1) > 0))
+ /* handle read data */;
+}
+ \end{verbatim}
+ \end{scriptsize}
\end{beamerboxesrounded}
\end{column}
\end{columns}
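Review bot: Both listener loops in the new IPC slides have a precedence bug: `while ((ret = read(fds[0], &buf,1) > 0))` assigns the result of the comparison (0 or 1) to `ret`, not the byte count, so the loop body never sees how much was read; it should be `while ((ret = read(fds[0], buf, 1)) > 0)`. `buf` is not declared in the hunk, but `strnlen(buf, BUF_LEN)` on the sender side suggests a char array, in which case `&buf` is a pointer-to-array and plain `buf` is the intended argument. The sender's `write()` return value is also discarded, so a short write or EPIPE (which additionally raises SIGPIPE if the reader has closed) is silently lost in a slide that presents this as the trusted/untrusted boundary. Given the earlier slides, a one-line reminder on the listener side that the received bytes come from the other (possibly compromised) process and must be validated before use would tie the example back to the isolation argument.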