Ring 0

On 2009-03-24, in technology, by kurt

Although I’ve spent the past several years of my professional life being involved in information security policy and management, my first love is still computer operating system security. In this field there’s a fair amount of special terminology, and one of these special terms is “protection rings”, which is a way of saying that, for security reasons, the core of a computer operating system should wall itself off from programs being run on behalf of the user. The lower the “ring” number in which a computer process sits, the more central and, theoretically, more secure it is.

Although this kind of security separation has historically been weak on personal computers, recent attempts to strengthen it in modern operating systems, such as Microsoft Windows Vista, have given rise to thinking about new kinds of attacks that could compromise computers in a protection ring even more central than the operating system itself. So it came as no real surprise to me that researchers recently attending the CanSecWest 2009 conference described a suite of tools and techniques that can totally compromise the BIOS of a computer, rendering all the additional security in the world ineffective.

This is a bit like the analogy of spending a large amount of money on a bank-grade bolt for a door that is hung on a weak door frame. The lock works perfectly well, but a burglar could easily enter by breaking the hinges from their mount. In computer security terms, even if we apply state-of-the-art operating system security techniques, a system whose “ring 0” protections have been thwarted can be made entirely insecure.

This is not an easy problem to resolve, particularly in businesses that have a large number of IT assets, such as laptop computers, in the hands of employees who typically show little interest in the security concerns of their employers. While we might expect hardware manufacturers to come to the rescue, the wide-scale deployment of sanctioned remote access tools, such as Intel’s vPro framework, which allows for remote access at layers beneath the operating system, leaves data owners skeptical of even highly diligent efforts to secure systems that are connected to public networks.

References:
Researchers unveil persistent BIOS attack methods, ThreatPost
Savvy hackers take the hardware approach, SearchSecurity.com
