Computer Memory Types and Management

Questions and Answers

What type of memory is RAM?

Persistent memory

Secondary memory

Volatile memory (correct)

Non-volatile memory

ROM is considered volatile memory.

False

What is the function of the MMU in relation to virtual and physical addresses?

The MMU translates a range of virtual addresses to a range of physical addresses.

The data stored in _____ memory is lost when the device is powered off.

volatile

Match the memory type with its characteristic:

RAM = Data is lost when power is off ROM = Data is retained when power is off SRAM = Used for CPU cache and registers Virtual Memory = May not correspond to real memory location

Which of the following statements is true regarding the TLB?

The TLB can distinguish between virtual addresses in different processes using tags.

Persistent memory is automatically cleared when the power supply is interrupted.

False

What differentiates volatile memory from persistent memory?

Volatile memory loses its data when the power is off, while persistent memory retains it.

What is the main purpose of IOMMU in relation to RAM?

To restrict DMA devices from accessing certain parts of RAM.

What type of attack allows an attacker to extract firmware from ROM hardware?

Confidentiality Attack

Buffer overflow occurs when software writes data within the boundaries of the buffer.

False

An attacker can execute a side-channel attack on SRAM by analyzing the power consumption.

True

What is Return-Oriented Programming?

A type of attack where attackers use existing code pieces (gadgets) to perform malicious actions.

The mechanism extit{ASLR} is used to separate parts of the program across the ______ to increase security.

memory

What is the main vulnerability in the discussed scenarios?

Physical access to the hardware

Match the following concepts with their descriptions:

Buffer Overflow = Anomaly of writing outside its allocated memory IOMMU = Regulates memory access for devices ASLR = Prevents predictable memory addressing Return-Oriented Programming = Uses existing code for attacks

The best protection mechanism is to not leave the hardware __________ at any moment.

unattended

Which of these statements is true regarding the NON-executable stack protection?

It protects the stack from being executed as code.

Match the memory type with its associated attack method:

ROM = Firmware extraction SRAM = Side-Channel attack RAM = DMA Injection Cache = Power analysis

Why is full disk encryption not a complete solution for protecting data when a system is on?

Decrypted content can be accessed by running processes.

Return-Oriented Programming requires attackers to write new malicious code into memory.

False

How does ASLR increase security against attacks?

By randomizing memory addresses, making it harder to find exploits.

ROM is less important to protect than SRAM because it does not contain sensitive data.

False

What can happen if DMA interacts with RAM without the need for virtual memory?

Malicious data can be injected into RAM.

What is the primary function of a DMA (Direct Memory Access) controller?

To transfer data between RAM and peripherals without CPU involvement

The CPU accesses ROM through virtual addresses exclusively.

False

What type of memory does the CPU use to access data through virtual addresses?

RAM

Embedded systems typically use ROM for storing data because it contains _____ programs.

static

Match the following memory types with their characteristics:

RAM = Accessed by the CPU via virtual addresses ROM = Suitable for embedded systems with static programs SRAM = Accessed by the CPU via physical addresses DMA = Transfers data without CPU intervention

What happens if the TLB does not contain a virtual address?

A page fault occurs, and the data is loaded from disk.

A cold boot attack involves the attacker accessing the device after it has been powered down.

True

What is one common method an attacker might use to access RAM data?

Cold boot attack

The CPU accesses _____ memory via both physical and virtual addresses.

SRAM

What is the main risk associated with an attacker having physical access to a device?

Extracting data from RAM

How does the IOMMU ensure secure and isolated memory access in a virtualized environment, and what role does PCI passthrough play in this process?

The IOMMU translates device-visible virtual addresses to physical addresses to enforce memory isolation, ensuring that devices can only access their allocated memory regions. PCI passthrough allows virtual machines direct access to physical devices, enhancing performance while requiring careful configuration of IOMMU to maintain security and isolation.

What specific mechanisms does the IOMMU use to prevent DMA attacks, and how does its functionality differ from the CPU's MMU?

The IOMMU uses address translation and access control checks to prevent unauthorized access during direct memory access (DMA) transfers, while the CPU's MMU primarily manages virtual memory and protects memory spaces for processes.

Study Notes

Memory Types

• Three main memory types in modern computers are RAM, ROM, and SRAM.
• RAM (random access memory) is volatile memory, meaning its data is lost when power is off.
• ROM (read-only memory) is persistent memory, retaining data even without power.
• SRAM (static RAM) is a type of RAM but also volatile.

Volatile vs. Persistent Memory

• Volatile memory loses data when power is removed.
• Persistent memory retains data even when power is off.
• RAM is volatile; data is erased when the computer is turned off.
• ROM is persistent; data remains saved even without power.
• SRAM is volatile; data disappears when the power supply is disconnected.

Virtual vs. Physical Addresses

• Virtual addresses are translated to physical addresses by the Memory Management Unit (MMU).
• Each process has its own page table to translate virtual addresses to unique locations in physical memory.
• A Translation Lookaside Buffer (TLB) speeds up this translation process.
• Processes are prevented from accessing each other's memory by using distinct virtual address spaces and TLB entries.
• A CPU needs virtual addresses to access data stored in RAM for computations.
• DMA (Direct Memory Access) devices use physical addresses to transfer data directly to/from peripherals without CPU intervention.

Memory Access Mechanisms

• Components access RAM through physical addresses (DMA) or virtual addresses (CPU).
• Components access ROM through physical addresses (embedded systems) or virtual addresses, which are rarely used (CPU).
• Components access SRAM through physical addresses (cache) or virtual addresses (CPU).

Execution of an Executable File

• An executable file's instructions are loaded into RAM.
• The CPU fetches the instructions and executes them.
• The CPU uses virtual addresses to access memory locations.
• Page faults occur when virtual addresses need data not currently in RAM; the OS loads the necessary data from storage.
• Data from the hard disk (storage) is loaded into RAM.

Attacker Models and Memory Attacks

• RAM: Attacker can access the device physically, steal data, or perform a cold boot attack.
• ROM: Attacker physically accesses ROM hardware to extract firmware (confidentiality attack).
• SRAM: Attacker can analyze the power consumption of SRAM to determine cache contents via side-channel attack.

Protection Mechanisms for Memory

• Non-executable Stack Protection: Protects against buffer overflows.
• Address Space Layout Randomization (ASLR) makes Return-Oriented Programming (ROP) attacks more complex. This technique separates code/data mappings randomly, preventing attackers from predicting where gadgets will be located.

Key Memory Security Considerations

• ROM is extremely important to secure, as it contains crucial firmware that (ideally) should not be modified.

Description

Test your knowledge on the different types of computer memory, including RAM, ROM, and SRAM, and their characteristics related to volatility and persistence. Additionally, explore how virtual addresses are managed and translated into physical addresses within a computer system.