Hello L4 Hackers,
a long time ago (*), Jochen Liedtke described a potential denial-of-service attack against the L4 kernel by -IIRC- requesting a huge number of mappings, thereby exhausting kernel memory. Does this issue still exist in the current L4 implementations or has it been solved (How?).
Kind Regards
Rob
(*) see http://i30www.ira.uka.de/research/documents/l4ka/preventing-denial-of-servic...
There are broadly three approaches the community is exploring (that I'm aware of).
1. Pager-like control of kernel memory (See Andy Haerberlen's paper with me for one description, I believe TU Dresden also has a Diplomarbeit describing an approach along similar lines, apologies to Dresden for not being more specific, I'm time constrained).
2. Restricting kernel memory consuming operations to the root server where they can be controlled, the NICTA N-series APIs do this.
3. Making kernel memory and kernel data structures first class objects in the API and providing a model of transforming between them (no implicit allocation in the kernel at all), and then controlling delegation of those objects. This is what I'm exploring with the seL4 (secure embedded L4) project.
I won't debate the merits of the approaches, other than to plug option 3 (i.e. what I'm working on at the moment :-))
Cheers
- Kevin
-----Original Message----- From: l4-hackers-bounces@os.inf.tu-dresden.de [mailto:l4-hackers-bounces@os.inf.tu-dresden.de] On Behalf Of Robert Kaiser Sent: Friday, 19 May 2006 2:25 AM To: l4-hackers@os.inf.tu-dresden.de Subject: DoS problem still existing?
Hello L4 Hackers,
a long time ago (*), Jochen Liedtke described a potential denial-of-service attack against the L4 kernel by -IIRC- requesting a huge number of mappings, thereby exhausting kernel memory. Does this issue still exist in the current L4 implementations or has it been solved (How?).
Kind Regards
Rob
(*) see http://i30www.ira.uka.de/research/documents/l4ka/preventing-de
nial-of-service.pdf
-- Robert Kaiser rkaiser@sysgo.com SYSGO AG Tel.: +49-6136-9948-0 Am Pfaffenstein 14 Fax: +49-6136-9948-10 55270 Klein-Winternheim http://www.sysgo.com
l4-hackers mailing list l4-hackers@os.inf.tu-dresden.de http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
l4-hackers@os.inf.tu-dresden.de