Computer Memory Types and Management

Questions and Answers

What type of memory is RAM?

• Persistent memory
• Secondary memory
• Volatile memory (correct)
• Non-volatile memory

ROM is considered volatile memory.

False (B)

What is the function of the MMU in relation to virtual and physical addresses?

The MMU translates a range of virtual addresses to a range of physical addresses.

The data stored in _____ memory is lost when the device is powered off.

volatile

Match the memory type with its characteristic:

RAM = Data is lost when power is off ROM = Data is retained when power is off SRAM = Used for CPU cache and registers Virtual Memory = May not correspond to real memory location

Which of the following statements is true regarding the TLB?

The TLB can distinguish between virtual addresses in different processes using tags. (D)

Persistent memory is automatically cleared when the power supply is interrupted.

False (B)

What differentiates volatile memory from persistent memory?

Volatile memory loses its data when the power is off, while persistent memory retains it.

What is the main purpose of IOMMU in relation to RAM?

To restrict DMA devices from accessing certain parts of RAM. (B)

What type of attack allows an attacker to extract firmware from ROM hardware?

Confidentiality Attack (C)

Buffer overflow occurs when software writes data within the boundaries of the buffer.

False (B)

An attacker can execute a side-channel attack on SRAM by analyzing the power consumption.

True (A)

What is Return-Oriented Programming?

A type of attack where attackers use existing code pieces (gadgets) to perform malicious actions.

The mechanism extit{ASLR} is used to separate parts of the program across the ______ to increase security.

memory

What is the main vulnerability in the discussed scenarios?

Physical access to the hardware

Match the following concepts with their descriptions:

Buffer Overflow = Anomaly of writing outside its allocated memory IOMMU = Regulates memory access for devices ASLR = Prevents predictable memory addressing Return-Oriented Programming = Uses existing code for attacks

The best protection mechanism is to not leave the hardware __________ at any moment.

unattended

Which of these statements is true regarding the NON-executable stack protection?

It protects the stack from being executed as code. (C)

Match the memory type with its associated attack method:

ROM = Firmware extraction SRAM = Side-Channel attack RAM = DMA Injection Cache = Power analysis

Why is full disk encryption not a complete solution for protecting data when a system is on?

Decrypted content can be accessed by running processes. (A)

Return-Oriented Programming requires attackers to write new malicious code into memory.

False (B)

How does ASLR increase security against attacks?

By randomizing memory addresses, making it harder to find exploits.

ROM is less important to protect than SRAM because it does not contain sensitive data.

False (B)

What can happen if DMA interacts with RAM without the need for virtual memory?

Malicious data can be injected into RAM.

What is the primary function of a DMA (Direct Memory Access) controller?

To transfer data between RAM and peripherals without CPU involvement (C)

The CPU accesses ROM through virtual addresses exclusively.

False (B)

What type of memory does the CPU use to access data through virtual addresses?

RAM

Embedded systems typically use ROM for storing data because it contains _____ programs.

static

Match the following memory types with their characteristics:

RAM = Accessed by the CPU via virtual addresses ROM = Suitable for embedded systems with static programs SRAM = Accessed by the CPU via physical addresses DMA = Transfers data without CPU intervention

What happens if the TLB does not contain a virtual address?

A page fault occurs, and the data is loaded from disk. (B)

A cold boot attack involves the attacker accessing the device after it has been powered down.

True (A)

What is one common method an attacker might use to access RAM data?

Cold boot attack

The CPU accesses _____ memory via both physical and virtual addresses.

SRAM

What is the main risk associated with an attacker having physical access to a device?

Extracting data from RAM (B)

How does the IOMMU ensure secure and isolated memory access in a virtualized environment, and what role does PCI passthrough play in this process?

The IOMMU translates device-visible virtual addresses to physical addresses to enforce memory isolation, ensuring that devices can only access their allocated memory regions. PCI passthrough allows virtual machines direct access to physical devices, enhancing performance while requiring careful configuration of IOMMU to maintain security and isolation.

What specific mechanisms does the IOMMU use to prevent DMA attacks, and how does its functionality differ from the CPU's MMU?

The IOMMU uses address translation and access control checks to prevent unauthorized access during direct memory access (DMA) transfers, while the CPU's MMU primarily manages virtual memory and protects memory spaces for processes.

Flashcards

Persistent Memory

A type of memory that retains data even after the power is turned off. Examples include ROM (Read-Only Memory), which stores firmware, and flash memory, used in USB drives and SSDs.

Volatile Memory

A type of memory that loses its data when the power is turned off. Examples include RAM (Random Access Memory) and SRAM (Static RAM).

CPU Cache

A form of memory used by the CPU to quickly access frequently used data. This memory is much faster than main memory (RAM) but smaller. It usually stores instructions and data from the most recently used parts of the program.

RAM (Random Access Memory)

A type of volatile memory used as the main memory in a computer. It is faster than secondary storage (like hard drives), but data is lost when the power is turned off.

SRAM (Static RAM)

A type of volatile memory, similar to RAM but faster, often used as a cache for the CPU or its registers.

Virtual Address

An address that represents a location in a computer's virtual memory space. This address is used by the processor when accessing data or instructions.

Physical Address

An address that corresponds to a physical location in the computer's main memory (RAM). This is the actual address used by the memory controller to access data.

Memory Management Unit (MMU)

A component within the CPU that translates virtual addresses (used by the processor) into physical addresses (used by the memory controller) to access data.

What is DMA?

DMA (Direct Memory Access) is a hardware component that directly transfers data between RAM and peripherals without CPU involvement.

How does the CPU access data in RAM?

The CPU accesses data in RAM using virtual addresses, which are then translated to physical addresses by the memory management unit (MMU).

Why are embedded systems suitable for using ROM?

Embedded systems typically use ROM (Read-Only Memory) for storing programs and data that rarely change.

How does the CPU's cache access SRAM?

The cache within a CPU accesses SRAM (Static RAM) using physical addresses.

What is the TLB?

The Translation Lookaside Buffer (TLB) is a cache that stores recently used virtual-to-physical address mappings, speeding up access time.

What happens if a virtual address is not found in the TLB?

If a virtual address is not found in the TLB, the MMU checks the page table to find the corresponding physical address.

What is a page fault?

A page fault occurs when the requested data is not in RAM and needs to be loaded from disk.

What is a cold boot attack?

A cold boot attack exploits the persistence of data in RAM after a system is powered off to extract sensitive information.

What type of attack is a cold boot attack?

Cold boot attacks are a type of side-channel attack, where attackers exploit system characteristics beyond the intended functionality.

What is an attacker model for RAM?

An attacker could physically access and steal a device or read data from RAM and store it externally.

ROM Firmware Extraction

The possibility of extracting the firmware by gaining physical access to the ROM where it's stored.

SRAM Side Channel Attack

An attack that analyzes power consumption of the SRAM to identify specific cache contents.

Full Disk Encryption Limitation

Full disk encryption protects data when the system is off, but once the system is on and logged in, the data is decrypted, making it vulnerable to attacks.

DMA Injection Attack

The attacker can bypass virtual memory protections by using DMA and inject malicious data into RAM.

Memory Scanning Attack

A malicious tool can attach to a running process, scan its memory, and potentially extract sensitive information like passwords.

Attacker Access to Memory

The attacker's ability to read and write to memory like any other process after logging in, even if the entire storage device is encrypted.

ROM Firmware Modification

The attacker can physically access and modify the firmware residing in the ROM.

Hardware Unattended Vulnerability

To mitigate physical access-based attacks, it's generally recommended to not leave hardware unattended.

IONMU (Input/Output Memory Management Unit)

A type of memory protection mechanism that uses a table to control which devices are allowed to access specific parts of RAM. It aims to prevent unauthorized devices from directly accessing and manipulating memory, enhancing system security.

Buffer Overflow

A software error that occurs when a program writes data beyond the allocated buffer, overwriting adjacent memory locations. This can cause unpredictable behaviour or even security exploits.

Non-executable Stack Protection

A security feature that prevents the execution of code from memory regions designated as non-executable, typically the stack. This helps mitigate attacks that aim to execute malicious code within the stack.

Return-Oriented Programming (ROP)

A technique used by attackers to execute malicious code without directly injecting their own code. It involves chaining together existing code fragments, called "gadgets", within a program to achieve harmful actions.

Address Space Layout Randomization (ASLR)

A security technique that helps prevent attackers from predicting the location of code in memory by randomly placing parts of a program in different memory addresses. This hinders attackers' ability to find and exploit vulnerabilities.

Gadget

A code segment that ends with a "return" instruction, often used in Return-Oriented Programming attacks. These gadgets are found within existing code and are executed as parts of a malicious sequence built by the attacker.

Study Notes

Memory Types

• Three main memory types in modern computers are RAM, ROM, and SRAM.
• RAM (random access memory) is volatile memory, meaning its data is lost when power is off.
• ROM (read-only memory) is persistent memory, retaining data even without power.
• SRAM (static RAM) is a type of RAM but also volatile.

Volatile vs. Persistent Memory

• Volatile memory loses data when power is removed.
• Persistent memory retains data even when power is off.
• RAM is volatile; data is erased when the computer is turned off.
• ROM is persistent; data remains saved even without power.
• SRAM is volatile; data disappears when the power supply is disconnected.

Virtual vs. Physical Addresses

• Virtual addresses are translated to physical addresses by the Memory Management Unit (MMU).
• Each process has its own page table to translate virtual addresses to unique locations in physical memory.
• A Translation Lookaside Buffer (TLB) speeds up this translation process.
• Processes are prevented from accessing each other's memory by using distinct virtual address spaces and TLB entries.
• A CPU needs virtual addresses to access data stored in RAM for computations.
• DMA (Direct Memory Access) devices use physical addresses to transfer data directly to/from peripherals without CPU intervention.

Memory Access Mechanisms

• Components access RAM through physical addresses (DMA) or virtual addresses (CPU).
• Components access ROM through physical addresses (embedded systems) or virtual addresses, which are rarely used (CPU).
• Components access SRAM through physical addresses (cache) or virtual addresses (CPU).

Execution of an Executable File

• An executable file's instructions are loaded into RAM.
• The CPU fetches the instructions and executes them.
• The CPU uses virtual addresses to access memory locations.
• Page faults occur when virtual addresses need data not currently in RAM; the OS loads the necessary data from storage.
• Data from the hard disk (storage) is loaded into RAM.

Attacker Models and Memory Attacks

• RAM: Attacker can access the device physically, steal data, or perform a cold boot attack.
• ROM: Attacker physically accesses ROM hardware to extract firmware (confidentiality attack).
• SRAM: Attacker can analyze the power consumption of SRAM to determine cache contents via side-channel attack.

Protection Mechanisms for Memory

• Non-executable Stack Protection: Protects against buffer overflows.
• Address Space Layout Randomization (ASLR) makes Return-Oriented Programming (ROP) attacks more complex. This technique separates code/data mappings randomly, preventing attackers from predicting where gadgets will be located.

Key Memory Security Considerations

• ROM is extremely important to secure, as it contains crucial firmware that (ideally) should not be modified.