Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Potential security flaw in "secure" model #60

Open
0152la opened this issue Feb 18, 2022 · 0 comments
Open

Potential security flaw in "secure" model #60

0152la opened this issue Feb 18, 2022 · 0 comments

Comments

@0152la
Copy link
Contributor

0152la commented Feb 18, 2022

Our proposed secure switcher implementation [1] has a potential flaw, as observed by @jacobbramley here. We are storing some capabilities within a space that the compartment we are switching into has access [2]. It should be possible to retrieve these capabilities from within this compartment.

The solution would be to store these before switching the DDC. Which would mean the switcher itself needs to have a scratch space as well.

[1] https://github.com/capablevms/cheri-examples/tree/master/hybrid/compartment_examples/inter_comp_call/secure
[2]https://github.com/capablevms/cheri-examples/blob/master/hybrid/compartment_examples/inter_comp_call/secure/switch_compartment.s#L35-L40

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant