
Process Isolation September 16, 2013

Posted by louloizides in Security.


When reading the paper “The Protection of Information in Computer Systems” [1] I initially expected this to be an attempt to cover a broad range of computer security topics as a general design guide. This would, of course, be very ambitious for any author and possibly not useful due to the diversity of potential computer security subjects.

Several pages into the paper, however, it was clear that although the term “virtual processor” suggests virtualization, the paper is really about process isolation. Process isolation is something we take for granted nowadays. Pulling up the Task Manager in Windows, for instance, shows several processes each consuming X% of the CPU; these are the virtual processors the paper describes. When the paper was written in 1975, it’s likely that several companies were debating how to manage this kind of isolation effectively. Furthermore, in the common mainframe environments of the 1970s, isolating memory between processes was even more critical than it is today.

The paper made several design recommendations that make a lot of sense but aren’t completely intuitive. For instance, I believe that many of us would prefer a closed-source system for security. The paper argued instead that an open system whose security rests on secret keys would be less susceptible to vulnerabilities, because the protection mechanisms (meaning the source code and algorithms) could be inspected by others. A key example of this, I believe, is SSL: the SSL standards are open, yet SSL is extremely secure as long as the keys are not known.

Another interesting point the paper made was to limit the functions shared between users, since those shared functions represent a potential information path between users. It’s important to remember that the paper’s context is process isolation, but the same general principle applies to any other system with multiple users. A shared database, for example, has the potential to be hacked by one user to gain information about the others.

Reading about process isolation was very useful to me. I’ve been in situations where I’ve had to write several programs that had to work together. Windows provides mechanisms to send messages from one program to another, but they can be very limited and frustrating. The paper provided some interesting insight into how those mechanisms work and prompted me to read further on the subject. One interesting point the paper made is that when a message is sent from one process to another, the system must be able to correctly determine the sender, or it creates a security risk. In the case of Windows messages between processes, there’s no secure mechanism for validating the sender. Of course, on a personal computer this isn’t as critical as on a larger mainframe system.

Most of the systems analyzed in the paper are no longer used; the vast majority of processors today have an x86 or ARM architecture. But after reading the paper for background on the concepts, I wanted to learn more about the descriptor table on an Intel processor. Wikipedia has a great article [2] on the subject, and the x86 descriptor table resembles the registers described in the paper. One interesting point the Wikipedia article made is that x86 chips have both local and global descriptor tables. Local descriptors are used for tasks within the same process (I’m guessing tasks = threads, but I’ll have to do more reading). One thing I’d also like to read further on is how the descriptor table is modified when emulating a 32-bit system on a 64-bit one.
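To show what the descriptor table actually holds, here is an added example that decodes raw 8-byte x86 segment descriptors (the entries of the GDT and LDT) and applies a simplified privilege check. It is not code from this post, the paper or the Wikipedia article; the descriptor values are the conventional flat-model entries (4 GiB code and data segments at ring 0 and ring 3, plus a 64-bit code segment), the type and function names are my own, and the `ring_can_load` rule is labelled as a simplification of the hardware check.

```c
/* Added example: decode x86 segment descriptors (GDT/LDT entries) and apply
 * a simplified privilege check. Not code from the blog post, the paper or
 * Wikipedia; the descriptor constants are the conventional flat-model entries. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t base;         /* 32-bit linear base address */
    uint32_t limit_bytes;  /* segment size in bytes after applying granularity */
    unsigned type;         /* 4-bit type field; bit 3 set means code segment */
    int is_code_or_data;   /* S bit: 1 = code/data, 0 = system descriptor */
    unsigned dpl;          /* descriptor privilege level: ring 0..3 */
    int present;           /* P bit */
    int long_mode;         /* L bit: 64-bit code segment */
    int default_32;        /* D/B bit: 32-bit default operand/stack size */
    int granularity_4k;    /* G bit: limit is counted in 4 KiB units */
} seg_desc;

/* Split one 8-byte descriptor into its fields. Legacy layout: limit[15:0] in
 * bits 0-15, base[15:0] in 16-31, base[23:16] in 32-39, type in 40-43, S in
 * 44, DPL in 45-46, P in 47, limit[19:16] in 48-51, L in 53, D/B in 54,
 * G in 55, base[31:24] in 56-63. */
seg_desc decode_descriptor(uint64_t raw)
{
    seg_desc d;
    uint32_t limit_raw = (uint32_t)(raw & 0xffffu)
                       | (uint32_t)(((raw >> 48) & 0xfu) << 16);
    d.base = (uint32_t)((raw >> 16) & 0xffffu)
           | (uint32_t)(((raw >> 32) & 0xffu) << 16)
           | (uint32_t)(((raw >> 56) & 0xffu) << 24);
    d.type = (unsigned)((raw >> 40) & 0xfu);
    d.is_code_or_data = (int)((raw >> 44) & 1u);
    d.dpl = (unsigned)((raw >> 45) & 3u);
    d.present = (int)((raw >> 47) & 1u);
    d.long_mode = (int)((raw >> 53) & 1u);
    d.default_32 = (int)((raw >> 54) & 1u);
    d.granularity_4k = (int)((raw >> 55) & 1u);
    /* With G=1 the 20-bit limit counts pages and the low 12 bits read as ones. */
    d.limit_bytes = d.granularity_4k ? (limit_raw << 12) | 0xfffu : limit_raw;
    return d;
}

/* Simplified data-segment load rule: the descriptor must be present, be a
 * code/data descriptor, and the caller's CPL must not exceed its DPL. Real
 * hardware also folds in the selector's RPL and treats conforming code
 * segments differently; this captures only the ring-isolation essence. */
int ring_can_load(uint64_t raw, unsigned cpl)
{
    seg_desc d = decode_descriptor(raw);
    return d.present && d.is_code_or_data && cpl <= d.dpl;
}

static void show(const char *name, uint64_t raw)
{
    seg_desc d = decode_descriptor(raw);
    printf("%-12s base=0x%08x limit=0x%08x dpl=%u %s P=%d L=%d D=%d\n",
           name, d.base, d.limit_bytes, d.dpl,
           (d.type & 8) ? "code" : "data", d.present, d.long_mode, d.default_32);
}

int main(void)
{
    /* Constructed descriptors: the classic flat 4 GiB model. */
    show("kernel code", 0x00cf9a000000ffffULL); /* ring 0, 32-bit code */
    show("kernel data", 0x00cf92000000ffffULL); /* ring 0, writable data */
    show("user code",   0x00cffa000000ffffULL); /* ring 3, 32-bit code */
    show("user data",   0x00cff2000000ffffULL); /* ring 3, writable data */
    show("code64",      0x00af9a000000ffffULL); /* ring 0, L=1: 64-bit code */
    printf("ring 3 may load kernel data: %d\n", ring_can_load(0x00cf92000000ffffULL, 3));
    printf("ring 3 may load user data:   %d\n", ring_can_load(0x00cff2000000ffffULL, 3));
    return 0;
}
```

The DPL field is where the isolation lives: ring 3 code cannot load a DPL 0 data segment, so the kernel's memory is unreachable through segmentation even when both segments cover the same 4 GiB. On the 32-bit-on-64-bit question, the `L` bit is the relevant flag: in 64-bit mode the processor ignores base and limit for CS, DS, ES and SS (only the FS and GS bases still apply), while a 32-bit compatibility-mode code segment is one with `L=0` and `D=1`, whose limit is still enforced.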

One question I’d ask readers is whether the current ARM and Intel process isolation techniques are good enough. There are clearly greater security risks when virtualizing entire systems, and stronger techniques are used there, but do we also have to strengthen isolation between processes on a personal computer? What about mobile phones (as in the case of Apple’s walled-garden approach)?

  1. Saltzer, Jerome H., and Michael D. Schroeder. “The Protection of Information in Computer Systems”. Proceedings of the IEEE, Volume 63, Issue 9, 1975.
  2. Wikipedia contributors. “Global Descriptor Table”. http://en.wikipedia.org/wiki/Global_Descriptor_Table. Accessed August 10, 2004.

