[Info-vax] Why not reimplement SEVMS into x86 OpenVMS?
John Dallman
jgd at cix.co.uk
Wed Nov 16 11:05:00 EST 2022
In article <0e2de8f2-8003-4e33-904d-3a3752816c1cn at googlegroups.com>,
superseth369 at gmail.com (Michael C) wrote:
> Wouldn't that boost security until other features can be added?
Different kind of "security." SEVMS is about access controls -
essentially about the ability of different users to protect their work
from each other. It assumes that the operating system is working as
specified.

The kind of security that is a worry with x86 OpenVMS is the possibility
of implementation bugs that allow subverting the operation of the
operating system. The simplest and commonest of such bugs have been
"buffer overflows" <https://en.wikipedia.org/wiki/Buffer_overflow>, but
there are many other kinds.

Loads of such bugs have been discovered and fixed in the most popular x86
operating systems (Windows, Linux and macOS), and more show up every
month. Finding these bugs can be partially automated, but that process is
somewhat hardware-specific. Nobody has been making automated attacks
against OpenVMS because it's been running on obscure platforms (Itanium
and Alpha).

Now, OpenVMS may have a lower incidence of such bugs because quite a bit
of it is not written in C, which makes it sadly easy to write
buffer-overflow bugs. Some of it is C, because that was used during the
Alpha port, and increased during the Itanium port. Its use of three
levels of protection, rather than the more common two, may help to limit
the scope of such bugs. However, nobody can be sure about either of those
defences.

Since Microsoft Windows has certification similar to that of SEVMS, but a
terrible record of implementation bugs, it is clear that the two kinds of
security aren't correlated.

x86-64 is very popular and fast. However, it's also subject to "Transient
execution CPU vulnerabilities", of which the first and best-known was
"Spectre". SEVMS can't do anything about that.
<https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability>
<https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)>

Some people on this newsgroup are worried that if x86 VMS is publicised
as being highly secure, some of the "security researchers" who spend
their time doing automated attacks against x86 OSes will have a go at VMS
and find that it has vulnerabilities, and that exploiting them isn't
terribly hard, because of the lack of "hardening" facilities like ASLR
and buffer overflow protection.
<https://en.wikipedia.org/wiki/Address_space_layout_randomization>
<https://en.wikipedia.org/wiki/Buffer_overflow_protection>

ASLR would need to be added to the OS itself. Buffer overflow protection
may be provided by the LLVM back-end for the compilers - I don't know.
John
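As an added illustration, not part of John Dallman's post and not OpenVMS or compiler code, the two ideas the post touches on side by side: the unchecked fixed-size copy in C that produces a classic buffer overflow, beside a bounded version that refuses input that does not fit, and a small software model of the guard value ("stack canary") that compiler buffer overflow protection such as LLVM's stack protector places after a local buffer and checks before the function returns. NAME_LEN, GUARD and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example added alongside the post; not OpenVMS code. NAME_LEN, GUARD and
 * every function name below are constructed for this illustration. */

#define NAME_LEN 16          /* fixed-size destination buffer */
#define GUARD 0xA5C3E1F7u    /* constructed guard value for the canary model */

/* BEFORE: the classic bug. strcpy copies until it finds the terminator, so
 * any src of NAME_LEN bytes or more writes past the end of name. Kept only
 * as the pattern being fixed; nothing below calls it. */
void store_name_unchecked(char *name, const char *src) {
    strcpy(name, src);
}

/* AFTER: locate the terminator within the buffer size first and refuse
 * input that does not fit, rather than truncating silently or overflowing.
 * Returns 0 on success, -1 if src needs more than NAME_LEN bytes. */
int store_name_checked(char *name, const char *src) {
    const char *end = memchr(src, '\0', NAME_LEN);
    if (end == NULL) {
        return -1;             /* no terminator within NAME_LEN: too long */
    }
    size_t n = (size_t)(end - src);
    memcpy(name, src, n + 1);  /* n characters plus the terminator */
    return 0;
}

/* Convenience wrapper: does src fit in a NAME_LEN buffer? 1 = yes, 0 = no. */
int name_fits(const char *src) {
    char name[NAME_LEN];
    return store_name_checked(name, src) == 0;
}

/* Model of compiler buffer overflow protection (stack canary). The real
 * mechanism is emitted by the compiler in the function prologue/epilogue;
 * this version reproduces the idea inside one byte region so it stays
 * well-defined C. Layout: [NAME_LEN buffer][4-byte guard]. 'len' bytes of
 * 'A' are written from the start of the region (clamped to the region size),
 * then the guard is compared with its reference value, as the epilogue
 * check would do before returning. Returns 1 if the guard is intact and
 * 0 if the write reached it (real protected code aborts at this point). */
int guard_survives(size_t len) {
    unsigned char region[NAME_LEN + sizeof(uint32_t)];
    uint32_t guard = GUARD;
    uint32_t after;

    memset(region, 0, sizeof region);
    memcpy(region + NAME_LEN, &guard, sizeof guard);  /* place the guard */

    if (len > sizeof region) {
        len = sizeof region;   /* keep the model within its own bounds */
    }
    memset(region, 'A', len);  /* the oversized write */

    memcpy(&after, region + NAME_LEN, sizeof after);
    return after == GUARD;
}

int main(void) {
    printf("\"OpenVMS\" fits: %d\n", name_fits("OpenVMS"));
    printf("16-character name fits: %d\n", name_fits("0123456789abcdef"));
    printf("guard intact after 16-byte write: %d\n", guard_survives(16));
    printf("guard intact after 17-byte write: %d\n", guard_survives(17));
    return 0;
}
```

The canary model makes the limits of that kind of hardening visible: the guard does not stop the out-of-bounds write, it only lets the function notice it afterwards, and it says nothing about writes that stay inside the buffer or about overflows of heap or global data. The length check in store_name_checked is what removes the bug; the guard is a second line of defence for the cases the checks miss.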