Christian Stueble stueble@cs.uni-sb.de writes:
I am very interested in I/O flexpages and a working clans & chiefs concept to be able to improve the Perseus secure operating system project. (http://www.krypt.cs.uni-sb.de/~perseus). And I have some students here who are interested in practical jobs. But of course they are more interested in security than in operating systems. Do you think that it would be possible to implement these features at the time of a software practical (about 6 months, 6 h/week)?
Yes, I think so. However, if your student does not have an operating-systems background, she or he needs to be willing to dive into all of the IA32 reference manual, the L4 reference manual, and the Fiasco source code, or at least keep in touch with someone who has experience with these things.
There are three areas of work for Fiasco:
- Memory representation of the I/O-port--access bitmap
- I/O-flexpage--mapping IPC
- Mapping-database support for I/O addresses
On user level, at least these programs need to be adapted to use I/O flexpages:
- L4Linux
- RMGR
Another (maybe simpler) approach to prevent hardware access would be to allow the RMGR to completely decide whether subtasks are allowed to access I/O ports or not (e.g. configured in the config-file). This allows us to implement a trusted server task which executes these operations while enforcing a security policy. Of course this would be slower etc.....
For such a protocol, simple controlled inheritance of the I/O-privilege level would suffice. However, with it it's impossible to allow privileged, unmodified Linux programs (such as the X server) to access ports.
Michael
l4-hackers@os.inf.tu-dresden.de
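The per-task I/O-port access bitmap and flexpage mapping named in the work items above, as an added example that is not part of the original message and not Fiasco code. The `io_fpage` layout (base plus log2 size), the function names and the sample tasks are assumptions; only the IA-32 rule that a set bitmap bit denies the port is taken as given.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_PORTS 65536u

/* IA-32 I/O permission bitmap: set bit = port faults, clear bit = allowed. */
typedef struct { uint8_t deny[IO_PORTS / 8]; } io_bitmap;

/* Assumed flexpage shape: 2^log2_size ports, base aligned to that size. */
typedef struct { uint32_t base; unsigned log2_size; } io_fpage;

void iobm_deny_all(io_bitmap *bm)  { memset(bm->deny, 0xFF, sizeof bm->deny); }
void iobm_allow_all(io_bitmap *bm) { memset(bm->deny, 0x00, sizeof bm->deny); }

int iobm_allowed(const io_bitmap *bm, uint32_t port) {
    return port < IO_PORTS && !(bm->deny[port >> 3] & (1u << (port & 7)));
}

static int fpage_valid(io_fpage fp) {
    if (fp.log2_size > 16) return 0;
    return fp.base < IO_PORTS && (fp.base & ((1u << fp.log2_size) - 1)) == 0;
}

/* Map fp from sender to receiver. Only ports the sender itself holds are
   passed on, so a mapping can never widen rights. Returns the number of
   ports granted, or -1 for a malformed flexpage. */
int iobm_map(const io_bitmap *snd, io_bitmap *rcv, io_fpage fp) {
    uint32_t p, end;
    int granted = 0;
    if (!fpage_valid(fp)) return -1;
    end = fp.base + (1u << fp.log2_size);
    for (p = fp.base; p < end; p++) {
        if (!iobm_allowed(snd, p)) continue;
        rcv->deny[p >> 3] &= (uint8_t)~(1u << (p & 7));
        granted++;
    }
    return granted;
}

int main(void) {
    static io_bitmap root, driver, client;   /* constructed sample tasks */
    iobm_allow_all(&root); iobm_deny_all(&driver); iobm_deny_all(&client);
    printf("root->driver 0x3F8/8:    %d\n", iobm_map(&root, &driver, (io_fpage){0x3F8, 3}));
    printf("driver->client 0x3F0/16: %d\n", iobm_map(&driver, &client, (io_fpage){0x3F0, 4}));
    printf("client may use 0x3F0: %d, 0x3F8: %d\n",
           iobm_allowed(&client, 0x3F0), iobm_allowed(&client, 0x3F8));
    return 0;
}
```

The second mapping asks for 16 ports but passes on only the 8 the driver holds, which is the per-port granularity that plain inheritance of the I/O-privilege level cannot express.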