From 86cbb86e86ee9f2c926624b671ac2516494bfe47 Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Wed, 8 Nov 2023 17:04:12 +0200 Subject: [PATCH 1/7] uintptr_t does not maintain provenance information --- pointerProvenanceIssue.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 pointerProvenanceIssue.c diff --git a/pointerProvenanceIssue.c b/pointerProvenanceIssue.c new file mode 100644 index 0000000..94d9761 --- /dev/null +++ b/pointerProvenanceIssue.c @@ -0,0 +1,27 @@ + +#include +#include + +int main () { + +int myArray[10]; + +uintptr_t ptr = (uintptr_t)&myArray[0]; //storing the address as uintptr_t + +//performing an invalid operation - accessing a non existent element + +uintptr_r myPtr = ptr + sizeof(int)* 20; + +//trying to accessing the memory using an invalid pointer + +int myValue = *(int*)myPtr // no memory safety checks + +printf("invalid value : %d\n ",myValue); + + +return 0; + +} + + + From 24ca03a4e5c56ad455183978966b84de4af2c05d Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Wed, 8 Nov 2023 17:28:28 +0200 Subject: [PATCH 2/7] Provenance of the pointer tracks --- CHERIProvenanceOfPointer.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 CHERIProvenanceOfPointer.c diff --git a/CHERIProvenanceOfPointer.c b/CHERIProvenanceOfPointer.c new file mode 100644 index 0000000..ee30f60 --- /dev/null +++ b/CHERIProvenanceOfPointer.c @@ -0,0 +1,22 @@ +#include +#include + +int main(){ + +int myArray[10]; + +int *ptr = &myArray[0]; // storing the pointer as a capability + +//perform a capability safe operation - accessing a valid element + +int myValue = *ptr; + +// access within bounds + +int *new_ptr = ptr + 5; + +printf("valid value : %d\n", myValue); + +return 0; + +} From 589bfa36da9b6e849031147251f5a100cfa75da8 Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Wed, 8 Nov 2023 18:53:13 +0200 Subject: [PATCH 3/7] CHERI facilitates sweeping revocation technique --- CHERIcapabilitySweepingRevocation.c | 47 +++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 CHERIcapabilitySweepingRevocation.c diff --git a/CHERIcapabilitySweepingRevocation.c b/CHERIcapabilitySweepingRevocation.c new file mode 100644 index 0000000..8592e96 --- /dev/null +++ b/CHERIcapabilitySweepingRevocation.c @@ -0,0 +1,47 @@ +#include +#include +int main() { + +//create a capability to a memory region + +int data[10] = {0}; + +cheri_object data_cap; + +data_cap = cheri_build_data_cap(data, sizeof(data), CHERI_PERM_LOAD|CHERI_PERM_STORE); + +//read and write access capability + +int* cap_ptr = cheri_cast(int*, data_cap); + +//read and write data + +cap_ptr[0] = 42; + +int value = cap_ptr[0]; + +printf("initial value: %d\n", value); + +//let's simulate a security breach or a vulnerability detection + +//decide to revoke or write access to the memory region + +cheri_set_perms(&data_cap,CHERI_PERM_LOAD);//revoke write permissions + +//attempting to write after revoking triggers an exception + +//uncommenting this line would trigger a capability violation exception + +//cap_ptr[1]=99; + +//however,read access remains allowed + +int read_value = cap_ptr[1]; + +printf("read only value: %d\n", read_value); + +return 0; + + +} + From c8a0b5335779d61d711039bf111e6d2aa10de4f3 Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Thu, 9 Nov 2023 12:25:37 +0200 Subject: [PATCH 4/7] Insecure encapsulation access --- LackofSecureEncapsulationIssue.c | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 LackofSecureEncapsulationIssue.c diff --git a/LackofSecureEncapsulationIssue.c b/LackofSecureEncapsulationIssue.c new file mode 100644 index 0000000..97ab6f5 --- /dev/null +++ b/LackofSecureEncapsulationIssue.c @@ -0,0 +1,51 @@ +#include +#include + +struct Student { + +char name[100]; + +int age; + +}; + +struct Student* create_student(char name*, int age); + +struct Student* student = (struct Student*)malloc(sizeof(struct Student)); + +if(student){ + +strcpy(student->name, name); + +student->age = age; + +} + +return student; + +} + +int main() { + +struct Student* student1 = create_student("Alice", 20); + +struct Student* student2 = create_student("Bob", 22); + +//unintentional access to students data (no encapsulation) + +printf("student1: %s,%d\n", student2->name, student2->age); + +free(student1); +free(student2); + +return 0; + +} + + + + + + + + From bba7a98fd43067c0e3014500f92d3a594ca29557 Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Thu, 9 Nov 2023 12:42:14 +0200 Subject: [PATCH 5/7] Secure encapsulation --- CHERISecureEncapsulation.c | 52 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 CHERISecureEncapsulation.c diff --git a/CHERISecureEncapsulation.c b/CHERISecureEncapsulation.c new file mode 100644 index 0000000..c5fc6cf --- /dev/null +++ b/CHERISecureEncapsulation.c @@ -0,0 +1,52 @@ +#include +#include +#include + +struct Student{ + +char name[100]; + +int age; + +}; + +//component1 + +void component1(void* studentCapability){ + +struct Student* student = cheri_setbounds(studentCapability,sizeof(struct Student)); + +strcpy(student->name,"Alice"); + +student->age=20; + +} + +//component2 + +void component2(void* studentCapability){ + +struct Student* student = cheri_setbounds(studentCapability,sizeof(struct Student)); + +printf("componet2 reads: Name: %s, Age: %d\n", student->name, student->age); + +} + +int main (){ + +//memory allocation for the student data + +struct Student sharedStudent; + +void* studentCapability = cheri_setbounds(&sharedStudent,sizeof(struct Student)); + +//components use capability to access the shared student data + +component1(studentCapability); +component2(studentCapability); + +return 0; + +} + + From 4e54d5550724c094375766986b3cbb80907a2021 Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Thu, 9 Nov 2023 12:52:13 +0200 Subject: [PATCH 6/7] In address space protection issue --- LacksSingleInAddressSpaceProtection.c | 30 +++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 LacksSingleInAddressSpaceProtection.c diff --git a/LacksSingleInAddressSpaceProtection.c b/LacksSingleInAddressSpaceProtection.c new file mode 100644 index 0000000..20a97aa --- /dev/null +++ b/LacksSingleInAddressSpaceProtection.c @@ -0,0 +1,30 @@ +#include +#include + +char sharedData[100]; + +//component1 +void component1(){ + +strcpy(sharedData, "Data from component1"); + +} + +//component2 +void component2(){ + +printf("component2 reads: %s\n", sharedData); + +} + +int main(){ + +component1(); + +component2(); + +return 0; + +} + + From 2ef4cc8dc1e8d6a84ff6ab993d8160d0aa0d41bd Mon Sep 17 00:00:00 2001 From: =josephproject1 <=joseph.kaberuka@glasgow.ac.uk> Date: Thu, 9 Nov 2023 13:01:53 +0200 Subject: [PATCH 7/7] Single in address space protection --- CHERIIn-Address-Space-Protection.c | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 CHERIIn-Address-Space-Protection.c diff --git a/CHERIIn-Address-Space-Protection.c b/CHERIIn-Address-Space-Protection.c new file mode 100644 index 0000000..b4e6bd7 --- /dev/null +++ b/CHERIIn-Address-Space-Protection.c @@ -0,0 +1,41 @@ +#include + +struct capData { + +char data[100]; + +}; + +void component1(){ + +struct capData* sharedData =(struct capData*)cheri_malloc(sizeof(struct capData)); + +strcpy(sharedData->data, "Data from component1"); + +//.. some code to pass sharedData to component2 + +} + +//component2 + +void component2(struct capData* sharedData) { + +printf("component2 read: %s\n",sharedData ->data); + +} + +int main() { + + +struct capData* sharedData = NULL; + +component1(&sharedData); +component2(sharedData);//ensures that capability restricts access + +cheri_free(sharedData); + +return 0; + +} + +