Good day, %username%.
While once again preparing equipment, software and premises for certification to handle various kinds of confidential and personal data, it struck me as strange that such an area of OS operation as swapping is not protected by anyone or anything.
A brief look from the inside. Wikipedia gives a fairly balanced definition of this term:
Swap
One of the mechanisms for implementing virtual memory, in which individual running processes (usually inactive ones) are moved from RAM to the hard disk, freeing RAM for loading other processes. The main difference between this mechanism and paging is that processes are moved between RAM and the hard disk as a whole, so some processes may at times be completely absent from RAM. When the conditions for activating a process are met, the memory manager returns it to RAM. There are various algorithms for selecting processes to load and unload, as well as various methods for allocating RAM and disk space to a process being loaded.
So far so good. From practice we also know that swap can be placed on disk as files (that is, subject to the file system drivers) or can occupy separately allocated space on the device, most often as a dedicated partition (the so-called swap partition).
Threat
Based on the swapping mechanism, it can be said that the OS, guided by algorithms unknown to us, moves unused or lower-priority memory areas to disk devices. The freed memory is then given to other processes. Suppose the computer works with important information that is stored in protected form, on a protected computer and in a protected room. To work with the data, an application has to remove the protection for the duration of manual or automated processing; let's call this decryption. After decryption, the data is processed in the clear.
If at this moment the OS decides to suspend the working process, all the variables holding the data end up on the storage devices in the clear. Moreover, with incorrect programming and without the use of special media, the private keys used to decrypt the data can also end up in swap.
After that, it is a matter of technique:
Option 1. Turn off the computer, take out the storage device, copy the swap, put everything back.
Option 2. The OS is configured to delete the paging file at shutdown. I found this only in Windows 2008 Server R2. In Linux I found the swapoff command, but I am not sure it does exactly that. Under these conditions, press Reset.
Option 3. Take an image with Acronis.
The resulting file or disk area is studied using the methods available to us.
For protection, special devices that intercept the Reset button can be used, for example the Sable electronic lock. By the way, it can verify file checksums at boot, so why can't it control the swap?
I really don't want to turn off swap, because user actions during the day are not predictable. If you have any thoughts or answers, I will be very happy.
As for recommendations, for now I can only advise this:
Control Panel -> System -> Advanced -> Performance -> Options -> Advanced -> Virtual Memory -> Modify -> Without paging file -> OK.
Personally, I have come across only one storage device whose description contains a phrase like this:
The capabilities of Rutoken EDS allow a digital signature mechanism to be implemented so that the private (secret) signature key never leaves the token. Thus, the possibility of key compromise is eliminated and the overall security of the information system is increased.
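For keys that must live in application memory, the "incorrect programming" case described above can be avoided by holding them in pages locked with POSIX mlock(), which the kernel does not page out, and wiping them before release. This is an added example, not code from the original article; the names secret_t, secret_alloc, secret_wipe and secret_free are hypothetical, and the key string is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    unsigned char *buf; /* page-aligned region that holds the secret */
    size_t len;         /* region size, rounded up to whole pages */
    int locked;         /* 1 if mlock() pinned the pages in RAM */
} secret_t;

/* Allocate memory for key material and lock it so it cannot be paged out.
 * With require_lock set, fail closed if locking is refused (for example
 * RLIMIT_MEMLOCK too low) instead of returning swappable memory. */
int secret_alloc(secret_t *s, size_t want, int require_lock)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->buf = NULL;
    if (want == 0) return -1;
    s->len = (want + page - 1) / page * page;
    s->buf = aligned_alloc(page, s->len);
    if (!s->buf) return -1;
    s->locked = (mlock(s->buf, s->len) == 0);
    if (!s->locked && require_lock) { free(s->buf); s->buf = NULL; return -1; }
    return 0;
}

/* Zero the region; volatile keeps the compiler from eliding the stores. */
void secret_wipe(secret_t *s)
{
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
}

/* Wipe first, then unlock and release. */
void secret_free(secret_t *s)
{
    if (!s->buf) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL;
}

int main(void)
{
    secret_t k;
    if (secret_alloc(&k, 32, 1) != 0) { puts("cannot lock memory, refusing to load key"); return 1; }
    memcpy(k.buf, "constructed-sample-key-material", 32); /* constructed sample, not a real key */
    secret_free(&k);
    return 0;
}
```

Locking covers only this buffer: copies of the key left in other variables or I/O buffers remain swappable, and locked pages can still be written to disk when the machine hibernates.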
This is my first article on Habr, so do not hit on Yandex.