* * * * *

                         Rethinking computer security

I came across this Google Tech Talk about computer security [1] given by Rik
Farrow [2] wherein his thesis is that we need to rethink what we're trying to
accomplish.

One thought struck me during the discussion on buffer overflow attacks [3]—
the Motorola 6809 [4] had two stack pointers, one used by the CPU (Central
Processing Unit) itself to store return addresses, but another one that I
always assumed was supposed to be used solely for parameter passing. So
instead of passing parameters on the default stack like, say, the 8086:

> MSG.1 DB      '%s',0
> MSG.2 DB      'Hello world',13,10,0
>
>       ...
>
>       MOV     AX,OFFSET MSG.1
>       PUSH    AX              ; save on SP
>       MOV     AX,OFFSET MSG.2
>       PUSH    AX              ; save on SP
>       CALL    _printf         ; return address also on SP
>

where everything gets pushed onto one stack and you run the risk of
overwriting the return address, on the 6809, use the other stack for
parameters:

> MSG.1 FCS     '%s',0
> MSG.2 FCS     'Hello world',13,10,0
>
>
>       ...
>
>       LDX     #MSG.2
>       PSHU    X       * push onto the User stack
>       LDX     #MSG.1
>       PSHU    X       * push onto the User stack
>       JSR     _printf * return address on System stack
>

Using a separate stack means you only overwrite program data, not critical
system information (especially important when arrays are defined on the
stack). But, in reading about some of the ways that buffer overwrites can be
exploited, this may not foil every attack. But it's a start, and modern CPUs
certainly have enough registers to have a separate parameter stack (although
in reading interviews with the 6809 designers [5], it seems the user stack
register was meant to construct stack frames on a single stack, much like the
x86's use of the SP and BP registers).

That also reminded me of the Intel 432 [6], which treated everything as an
object with set memory limits, so gaining a buffer overwrite exploit on a 432
based system would be exceedingly difficult indeed (too bad it died—it's an
interesting chip).

But the basic thrust of the talk was that our computer security models are
severely outdated and come from a time when a single computer was shared
among several people, whereas today, we have a single user shared among
computers (or at the very least, a single user per system, and in this talk,
he considered something like Apache [7] as a user) using software (say,
certain email clients) that accepts code from Lord knows where (say, evil
spammers) and simply executes it (because it goes out of its way to [DELETED-
press-DELETED] execute the oh so shiny [DELETED-button-DELETED] code). We
need to rethink what we want from computer security.

[1] http://video.google.com/videoplay?docid=1762847950860111011&q=google+tech+talks
[2] http://spirit.com/
[3] http://en.wikipedia.org/wiki/Buffer_overflow
[4] http://en.wikipedia.org/wiki/Motorola_6809
[5] http://www.techheap.com/processors/6809/the_6809.pdf
[6] http://www.sasktelwebsite.net/jbayko/cpu7.html
[7] http://httpd.apache.org/

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.