Differences

This shows you the differences between two versions of the page.

p_lkrg:Threat_model [2017/07/12 16:36]
pi3
p_lkrg:Threat_model [2017/07/19 22:19] (current)
pi3 [Security implications]
Line 69: Line 69:
 \\ \\
 ====== Security implications ====== ====== Security implications ======
-To be able to interact with LKRG user must be an administrator of the machine (typically '​root'​ account). This implies thatany new attack surface introduced by the '​core'​ of LKRG will be limited to the scenario of leveraging existing administrator privileges (e.g. '​root'​) to the kernel level access.+To be able to interact with LKRG, a user must be an administrator of the machine (typically '​root'​ account). This implies that any new attack surface introduced by the '​core'​ of LKRG will be limited to the scenario of leveraging existing administrator privileges (e.g. '​root'​) to the kernel level access.
  
-"​Protected Features"​ and future "​Exploit Detection"​ are different, because they intercept some of the functionality directly exposed to the user (e.g. syscalls). If these feature ​are used (PF and/or ED), there is a potential problem ​if any hooking routine is badly written ​- in that case user can have an extra kernel surface to attack. +"​Protected Features"​ and future "​Exploit Detection"​ are different, because they intercept some of the functionality directly exposed to the user (e.g. syscalls). If these features ​are used (PF and/or ED), there is a potential problem ​in case of any hooking routine is incorrectly ​written. In that scenario ​user can have an extra kernel surface to attack. 
-In reality LKRG interceptions are pretty simple (most of the time just checking registers value during the entrance to function/​syscall) and shouldn'​t be problematic.+In realityLKRG interceptions are pretty simple (most of the time just checking registers value during the entrance to function/​syscall) and shouldn'​t be problematic.
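Review bot: The rewritten second paragraph is still ungrammatical in the sentence about hooking routines: "there is a potential problem in case of any hooking routine is incorrectly written" mixes "in case of" with a full clause. The original "if any hooking routine is badly written" was correct, so suggest "there is a potential problem if any hooking routine is incorrectly written. In that scenario, a user gains extra kernel attack surface." In the last added line, "In realityLKRG" appears to have lost its separator and should read "In reality, LKRG". On substance, the closing sentence says interceptions are "most of the time just checking registers value" and "shouldn't be problematic", which leaves the remaining cases undescribed. Since this paragraph is the one place the threat model admits that PF and ED hooks are reachable by an unprivileged user through syscalls, it would help to state which interceptions do more than inspect register values on entry, because those are the ones a reader needs to audit.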
p_lkrg/Threat_model.1499902583.txt · Last modified: 2017/07/12 16:36 by pi3
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported