Assignment 5: Memory PDF
Radboud University
Ioan-Radu Bocu
Summary
This document is an assignment on computer memory, addressing, and memory attacks. It explains different types of memory, describes the differences between volatile and persistent memory and virtual and physical addresses, and discusses various attacks.
Full Transcript
Name: Ioan-Radu Bocu
Student number: s1104958
Assignment 5

1. Three types of memory are: RAM, ROM and SRAM.

2. The difference between volatile memory and persistent memory is that volatile memory (all data contained within it) is erased after the machine is turned off, while persistent memory is retained even if the electricity flux is stopped. RAM is volatile memory, as the RAM is emptied when the machine that contains it is turned off. ROM is persistent memory because it is used to store software (such as firmware) that is very rarely changed during the life of the machine. SRAM is a type of RAM, so it is volatile memory, as it is used to implement the cache of the CPU or its registers. Regardless of where it is used, the data that reaches the registers or cache changes at a fast pace, which is why SRAM is also volatile.

3. The difference between virtual addresses and physical addresses is that virtual addresses may not correspond to a real location in memory, while physical addresses actually correspond to a location in memory. Virtual addresses are part of the virtual address space, which is part of the virtual memory, while physical addresses are part of the physical memory. A range of virtual addresses is translated to a range of physical addresses by the MMU.

4. Each entry in the TLB has a tag and a value. If the tag of the virtual address to be translated matches the tag in the entry, then the corresponding value of the entry is returned. The same virtual addresses in 2 different processes have different tags. Because they have different tags, the TLB can distinguish between them in such a way that the physical address of another process is not affected.
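An added illustration of the tag mechanism in answer 4 (not part of the original assignment): a toy TLB in Python whose entries are keyed by an address-space ID (ASID) plus the virtual page number. The class, the page tables and the 4 KiB page size are constructed for the example; `tagged=False` models a TLB without process tags, which only stays correct if it is flushed on every context switch.

```python
from collections import OrderedDict

PAGE_SIZE = 4096  # assumption: 4 KiB pages


class ToyTLB:
    """Small LRU TLB; entries are keyed by (ASID, virtual page number)."""

    def __init__(self, capacity=4, tagged=True):
        self.capacity = capacity
        self.tagged = tagged          # False models a TLB without process tags
        self.entries = OrderedDict()  # (asid, vpn) -> physical frame number
        self.hits = self.misses = 0

    def translate(self, asid, v_addr, page_table):
        vpn, offset = divmod(v_addr, PAGE_SIZE)
        tag = (asid if self.tagged else 0, vpn)
        if tag in self.entries:
            self.hits += 1
            self.entries.move_to_end(tag)         # mark most recently used
        else:
            self.misses += 1
            if vpn not in page_table:
                raise LookupError(f"page fault: asid={asid} vpn={vpn:#x}")
            if len(self.entries) >= self.capacity:
                self.entries.popitem(last=False)  # evict least recently used
            self.entries[tag] = page_table[vpn]   # fill from the page table
        return self.entries[tag] * PAGE_SIZE + offset

    def flush(self):
        # What an untagged TLB needs on every context switch.
        self.entries.clear()


# Constructed sample data: both processes map virtual page 0x10,
# but to different physical frames.
PT_A = {0x10: 0x2A}  # process A, ASID 1
PT_B = {0x10: 0x7F}  # process B, ASID 2
V_ADDR = 0x10 * PAGE_SIZE + 0x123


def run(tagged, flush_on_switch=False):
    """Translate V_ADDR for A, then B, then A; return addresses, hits, misses."""
    tlb = ToyTLB(tagged=tagged)
    out = []
    for asid, table in ((1, PT_A), (2, PT_B), (1, PT_A)):
        if flush_on_switch:
            tlb.flush()
        out.append(tlb.translate(asid, V_ADDR, table))
    return out, tlb.hits, tlb.misses
```

With `run(False)` process B is handed process A's physical address from the stale entry, which is the cross-process leak the tags prevent; `run(False, flush_on_switch=True)` is correct again but every lookup misses.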
RAM:
Through physical addresses: DMA (Direct Memory Access controllers). A DMA controller is a hardware component that transfers data between RAM and peripherals without the CPU being involved in one way or another. So, DMA works directly with physical addresses.
Through virtual addresses: CPU. When the CPU needs data for performing computations, it needs to fetch this data via virtual addresses, so that the CPU receives the data that it is supposed to receive.

ROM:
Through physical addresses: embedded systems. Embedded systems are supposed to do the same thing most of the time, so they need the same procedures, which are provided by the ROM. The programs stored in ROM very rarely change, so they are suitable for working with embedded systems.
Through virtual addresses: CPU. Same explanation as above: the CPU needs virtual memory when trying to access data from ROM.

SRAM:
Through physical addresses: the cache within the CPU. The cache within the CPU accesses SRAM via physical addresses.
Through virtual addresses: the CPU can access the SRAM, same as the usual RAM, via virtual addresses.

    if TLB.contains(v_addr):
        phy_addr = TLB.get(v_addr)
    else:
        # The mapping is not in the TLB, so we need to get the mapping from the page table
        if PageTable.contains(v_addr):
            # This means that the mapping exists, so the data is found at the physical address in RAM
            mapping = PageTable.get(v_addr)
            phy_addr = mapping.physical_address
            TLB.add(mapping)
        else:
            # Here we encountered a page fault, so we need to get the memory out of the disk
            page = Disk.unload_page(v_addr)
            phy_addr = RAM.load_page(page, v_addr)  # loading the page in RAM
            mapping = Mapping(v_addr, phy_addr)
            PageTable.add(mapping)
            TLB.add(mapping)
    # fetching the data
    data = RAM.read(phy_addr)
    # CPU uses the data
    CPU.execute(data)

I was considering that this would be the clearest explanation, and also straightforward.

RAM
Attacker model: The attacker could have physical access to the device (the attacker could steal the device, or just read the data from the RAM and store it on an external storage device).
Attack: Cold boot attack. It is a type of side-channel attack where the attacker, with access to the hardware component, steals the data from RAM by performing a cold boot. The data survives for a few seconds to minutes even if the machine is turned off (confidentiality attack).

ROM
Attacker model: The attacker could have physical access to the ROM hardware.
Attack: Firmware extraction. By having access to the ROM where the firmware is stored, the attacker could simply extract the firmware by using the proper equipment (confidentiality attack).

SRAM
Attacker model: The attacker could have physical access to the SRAM hardware.
Attack: Side-channel attack. The content of the cache may be determined by analyzing the power consumption of the SRAM.

8. I would say that in all 3 cases, the best protection mechanism would be to not leave the hardware unattended at any moment. As the vulnerability in all 3 cases is "attacker has physical access to the hardware", I would say that this would be an appropriate measure.

9. I consider that ROM would be the most important memory to protect, because it stores the firmware, which is crucial not to be modified.

1. The tool first needs to identify the running KeePass process. Then the tool attaches to the running program via some special methods, in such a way that the tool can see the memory of KeePass. Then, via a memory scan, the tool looks for patterns or data structures that store the decrypted passwords.

2. No, the problem would not be solved, because full-disk encryption secures the data when the system is turned off. It is a good protection mechanism in case the hard disk is stolen. But if the system is on and the user is logged in, the keypads can read and write in memory like any other process, because the content of the storage device is decrypted.

3. This is a problem because the DMA does not need to interact with virtual memory and it can just write malicious data to the RAM, which will affect other processes that will use the injected data. So, the physical memory can be manipulated easily.

4. The IOMMU determines which part of the RAM devices can access. If a device is not allowed by the IOMMU to map to a certain part of RAM, then this part of the RAM will be immune to direct attacks from the DMA devices.

1. Buffer overflow is an anomaly that happens when software writes data outside of the buffer, overwriting the memory locations outside of the buffer.

2. The non-executable stack protection mechanism is enforced.

3. Return-Oriented Programming is a type of attack that is used by attackers in case they cannot run their own malicious code in memory because of defenses like non-executable memory. In this kind of attack, attackers don't use their own code; they use the existing code. They use pieces of code that end with "return", called gadgets. The attackers put these gadgets in a specific order (a sequence), such that the new program created performs malicious actions, such as gaining unauthorized access.

4. Because Return-Oriented Programming does not imply writing malicious code that will be run in memory; it just makes use of the existing code.

5. The ASLR technique is used to separate parts of the program across the memory. Because of this, it will be harder for the attacker to build sequences that lead to malicious programs. With this mechanism deployed, finding gadgets becomes way more difficult.

References:
https://en.wikipedia.org/wiki/Cold_boot_attack
https://en.wikipedia.org/wiki/Translation_lookaside_buffer
https://en.wikipedia.org/wiki/Read-only_memory
https://dl.acm.org/doi/10.1145/3583781.3590321
https://security.stackexchange.com/questions/150386/does-iommu-prevent-dma-attacks
https://www.cloudflare.com/en-gb/learning/security/threats/buffer-overflow/