Re: HardBound and SoftBound (was "The State of Software")



Wilco Dijkstra wrote:
"Andy "Krazy" Glew" <ag-news@xxxxxxxxxxxxxxx> wrote in message news:4A7BB524.2080809@xxxxxxxxxxxxxxxxxx
Wilco Dijkstra wrote:
Why waste hardware effort on something that is essentially a management
issue? Companies are often unwilling to pay the real cost of correct and safe
software.
Because security is all about finding the points of maximum leverage, and fixing those.

Instead of fixing millions of programmers
fix the far smaller number of compiler writers
by deploying a feature in the chip
that all of them execute code on.

The compiler is indeed the right place to improve things. But C/C++ compilers
are already overly complex beasts, and code generation bugs are not at all rare.
Adding additional complex stuff on top of it cannot be good.

I think this is a good argument for doing such checks in hardware, like HardBound, not in software, like SoftBound.

Compiler changes are necessary to indicate to hardware the bounds of the object. But, once that is done, hardware can perform the dataflow propagation and the checks.

--

From time to time people propose that there is no need for hardware support for security at the OS level - i.e. no need for kernel mode (x86 ring 0) versus user mode (x86 ring 3).

After all, all of this can be done simply by the software, right?

However, after bad experience with the Burroughs machines (software bugs, in the assembler or loader, as I recall, allowing user code to become "kernel"), Gligor wrote the policy recommendation that all hardware should have at least kernel and user mode, and a limited number of ways to go from one to the other that can be rigorously inspected.

There was a brief resurgence in interest in software only security on Java based cell phones. One of my Motorola contacts has assured me that this turned out to be a bad idea. Fortunately, now most cell phone processors are powerful enough to have user and kernel modes, or the equivalent.



[a good discussion on compilers, standards, and Gresham's Law]


--
The content of this message is my personal opinion only.
Although I am an employee - currently of Intel,
in the past of other computer companies such as AMD, Motorola, and Gould
- I reveal this only so that the reader may account
for any possible bias I may have towards my employer's products.
The statements I make here in no way represent my employer's position,
nor am I authorized to speak on behalf of my employer.

In fact, this posting may not even represent my personal opinion,
since occasionally I play devil's advocate.
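The post above says that the compiler's job is to tell the hardware the bounds of each object, after which the bounds can be propagated along with the pointer and checked on every access. The following is an added illustration of that division of labour, written for this thread and not taken from the post or from the HardBound/SoftBound papers: it emulates in plain C the metadata a SoftBound-style compiler would carry (the `bounded_ptr` struct and the `bp_*` helpers are my own names, not anything from the papers). Bounds are established once at the point where the object size is known, copied unchanged through pointer arithmetic, and enforced only when the pointer is dereferenced, so an out-of-bounds read is refused instead of silently reading past the object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a "fat pointer" carrying the base/bound metadata that
 * a SoftBound-style compiler would attach to every pointer. SoftBound emits
 * the propagation and checks in software; HardBound keeps the metadata in
 * hardware and does the same work there. Names here are hypothetical. */
typedef struct {
    const unsigned char *ptr;   /* the raw pointer the program actually uses */
    const unsigned char *base;  /* first valid byte of the object */
    const unsigned char *bound; /* one past the last valid byte */
} bounded_ptr;

/* Point of creation: this is where the compiler knows the object size
 * (malloc result, stack or global object), so bounds are set here. */
bounded_ptr bp_make(const void *obj, size_t size) {
    bounded_ptr p;
    p.ptr = (const unsigned char *)obj;
    p.base = p.ptr;
    p.bound = p.ptr + size;
    return p;
}

/* Pointer arithmetic: the pointer value moves, the bounds travel along
 * unchanged. Forming an out-of-range pointer is not flagged here; only a
 * dereference is checked, matching what SoftBound does. (Strict C makes
 * arithmetic beyond the object undefined; this emulation relies on the
 * flat address space the papers assume.) */
bounded_ptr bp_add(bounded_ptr p, ptrdiff_t off) {
    p.ptr += off;
    return p;
}

/* Dereference check: an n-byte load must lie entirely inside [base, bound).
 * Returns 1 and copies the bytes on success, 0 and touches nothing otherwise.
 * The length check is written as (bound - ptr) < n to avoid overflowing
 * ptr + n for a large n. */
int bp_load(bounded_ptr p, void *out, size_t n) {
    if (p.ptr < p.base || p.ptr >= p.bound || (size_t)(p.bound - p.ptr) < n)
        return 0;
    memcpy(out, p.ptr, n);
    return 1;
}

/* Constructed 8-byte object used by the helpers below. */
static const unsigned char g_buf[8] = {1, 2, 3, 4, 5, 6, 7, 8};

/* Returns 1 if an n-byte read at byte offset `off` into g_buf is allowed. */
int bp_access_ok(ptrdiff_t off, size_t n) {
    bounded_ptr p = bp_make(g_buf, sizeof g_buf);
    unsigned char scratch[sizeof g_buf];
    return bp_load(bp_add(p, off), scratch, n);
}

/* Walks a few representative accesses and returns how many were rejected:
 * the last byte and a full-object read are allowed; one-past-end, an
 * underflow, and a 4-byte read starting at offset 6 are refused. */
int bp_demo(void) {
    int rejected = 0;
    if (!bp_access_ok(7, 1)) rejected++;   /* last byte: allowed */
    if (!bp_access_ok(0, 8)) rejected++;   /* whole object: allowed */
    if (!bp_access_ok(8, 1)) rejected++;   /* one past the end: rejected */
    if (!bp_access_ok(-1, 1)) rejected++;  /* before the object: rejected */
    if (!bp_access_ok(6, 4)) rejected++;   /* 2 bytes left, 4 requested: rejected */
    return rejected;                       /* 3 */
}

int main(void) {
    printf("rejected accesses: %d of 5\n", bp_demo());
    return 0;
}
```

The point to notice is that `bp_add` needs no checking logic at all; the only place the metadata has to be consulted is `bp_load`. That is exactly the split the post describes: the compiler (here `bp_make`) supplies the bounds, and the propagation plus the check can be mechanical, which is what makes it a candidate for hardware.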