1 |
Hey all, |
2 |
|
3 |
I'm taking a graduate level Fault Tolerant Computing course. My partner |
4 |
and I intend on injecting single bit faults into the data and text |
5 |
sections of Gentoo SELinux to see if such faults can compromise system |
6 |
security. While it is obvious that a single bit error in some |
7 |
structures, such as the AVC allowed field or the selinux_enforcing, can |
8 |
open an SELinux system for a period of time. We want to look for less |
9 |
obvious holes which may be realized by a single bit flip (also called |
10 |
soft-errors). Our plan is to run a User-mode SELinux kernel and use the |
11 |
ptrace interface to inject errors in the SELinux text section and/or |
12 |
data section. The kernel will execute a test program as init which will |
13 |
attempt to violate the SELinux policy by writing to a protected file |
14 |
with mod=777 and then shutdown the system. Given more time we would |
15 |
like to violate other things than simple file permissions. |
16 |
|
17 |
We are aware that the impact of a transient single bit errors depends on |
18 |
how long the bit-error lasts. In the case of an bit error in the AVC it |
19 |
may only last a short time (when the avc entry is overwritten) or a long |
20 |
time. Bit errors in the text segment may last longer depending on the |
21 |
particulars of the OS. We are not planning to measure the time that a |
22 |
particular bits creates a vulnerability, we have limited time to get |
23 |
results and the parameter is heavily dependant on the enviroment. We |
24 |
will include this cavot in our report. |
25 |
|
26 |
Our project was inspired by the following papers: |
27 |
|
28 |
* "An Experimental Study of Security Vulnerabilities Caused by |
29 |
Errors" |
30 |
Jun Xu, Shuo Chen, Abigniew Kalbarczyk, Ravishankar K. Iyer |
31 |
|
32 |
* "Using Memory Errors to Attack a Virtual Machine", Sudhakar |
33 |
Govindavajhala, Andrew W. Appel |
34 |
|
35 |
* "Framework for Testing the Fault-Tolerance of Systems Including OS |
36 |
and Network Aspects", Kerstin Buchacker, Volkmar Sieh (HASE '01) |
37 |
|
38 |
If you have any comments or suggestions we would love to hear them. To |
39 |
save traffic on the mailing list you can add your comments to |
40 |
|
41 |
http://www.randomwalking.com/cgi-bin/kwiki/index.cgi?ECE442OutsideComments |
42 |
|
43 |
~Michael Ihde & Tom Brown |
44 |
|
45 |
-- |
46 |
gentoo-hardened@g.o mailing list |