This article is more than 1 year old
Hackers' Paradise: The rise of soft options and the demise of hard choices
How it all went wrong for computer security
Lock and load
With a conventional disc controller, DMA (direct memory access) transfers could only take place to or from a contiguous memory area, defined by a starting physical address and a word count. Non-contiguous pages needed one disk command per page.
However, by incorporating a form of MMU into the disc controller, which was loaded with the same relocation constants as the main MMU, the disk controller could perform a single DMA transfer to a series of non-contiguous pages. The DEC Vax was able to do scatter/gather transfers.
CPUs were equipped with local general purpose registers that could be written and read faster than main memory, speeding up iterative processes. At the end of a time slice, the contents of these registers would have to be copied to RAM so they could be stored on the rotating memory and restored when the user’s next time slice came around.
But what registers could the operating system use whilst it was doing that? In practice the processor had two, sometimes three sets of general purpose registers out of which only one set could be multiplexed to the ALU (arithmetic logic unit) at any one time. One of these sets was the kernel set which was for the exclusive use of the operating system.
At the end of a user time slice it was only necessary to set the multiplexer to kernel mode and the register contents were still there from before. Thus the operating system could dip in and out of using the CPU with minimal overhead. Another advantage of multiple register sets is that in principle, nothing the user or process does can affect the operating system.
VAX-11/780: gone are the days when computer architects could sleep easy in their beds
Whilst the performance of these machines in terms of processing speed and memory size seems modest by modern standards, it would be extremely unwise to mock them, because three decades ago they incorporated all of the essential features necessary to build a hack-proof computer. Instead it is we who deserve the mockery for building, programming or tolerating machines that, however powerful, are obviously deficient in the security department and not getting any better.
The combination of kernel and user register sets in the CPU with hardware memory management and a small amount of hard-wired logic that no software of any kind could circumvent, meant that with a competent operating system, these machines were essentially bomb proof.
Processes had access only to an area of RAM that was under the control of the MMU, which in turn was controlled by the operating system. Processes had access only to certain parts of the CPU in user mode and since the entire virtual address range of the processor was mapped to memory, no direct access to any peripheral device was possible.
Any violation of MMU rules, such as an attempt to write to a read-only page, would result in a trap. A trap is a hard-wired process that forces the CPU into kernel mode and vectors the program counter to a constant location in physical memory. The operating system residing there wakes up in an error-handling routine that inspects the MMU registers and immediately alerts it that it is under threat. The offending process will be aborted.
Since malware relies on having access to the whole computer in order to do harm when the code is executed, malware on such a machine will be defeated, because even if it manages to get into the machine as a bona fide piece of code, as soon as it runs, it will find it has no direct access to anything except an area of RAM. It can’t mess with the operating system because it will run in user mode. It can’t mess with the mass storage because only kernel processes can reach the physical addresses of peripherals.
Today we are awash with malware, viruses and the rest. Their very existence, their success from their perverted standpoint, gives away the fact that security in most of today’s computers is sadly lacking, even if it doesn’t tell us the reason. We have a worldwide anti-virus industry that for a small fee will close your stable door after the horse has bolted.
Essentially, we have dispensed with the door locks, fired the night watchman and security consists of circulating photographs of known burglars so we can recognise them after they have entered our property. Not good enough.