Announcement

Collapse
No announcement yet.

AMDGPU Working On "Secure Display" Functionality

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Any system which has a display permanently attached could be described as being "mission critical"...? While one can do HPC tasks on a headless box, it's a little hard to do office tasks via SSH - unless you're one of those people who can do everything in vim/mail/lynx, of course!

    Comment


    • #12
      Originally posted by uid313 View Post
      This rogue third party that they don't want to snoop on the application framebuffer is you.
      They don't want you to be able to take screenshots or do video capture.
      Sometimes this is exactly what you want to happen. Lets say you are sharing your desktop(like game play capture) and a login screen comes up with password displayed in plain text ideal would be of course if that Window was not shared/displayed in the remote because its on a different trust level would be right.

      Originally posted by polarathene View Post
      What kind of scenario/attack does it prevent?
      There is a need to split trusted and untrusted applications from each other. Have you ever tried screen shotting UAC windows
      https://www.winhelponline.com/blog/c...vation-dialog/
      Yes out the box under windows attempting to screenshot UAC dialog does not work because its on a different trust level.

      The reality is XACE for X11 did attempt to implement the same feature as well there was not video card driver support for it back then either.

      Really this is a general desktop required feature. Taken too far where users cannot assign what they want to what ever trust level is a problem. If it left that the end user can set trust levels by setting and having trust levels setup by default can protect end user from own caused goof.

      Hard point here there is need for computer software at times to attempt to prevent human error by putting some minor obstacles in way from doing particular things. Like screen shot of password dialogs should really require jumping though a few steps not just work magically out box all the time.

      High security desktops do need this functionality as they have applications at different trust levels and applications of lower trust level are not meant to be able to see that high trust level applications are even running.

      These features are double sided swords. Yes this is a feature you find in Windows and Mac OS that has really not been properly on Linux.


      Comment


      • #13
        Originally posted by oiaohm View Post

        Sometimes this is exactly what you want to happen. Lets say you are sharing your desktop(like game play capture) and a login screen comes up with password displayed in plain text ideal would be of course if that Window was not shared/displayed in the remote because its on a different trust level would be right.



        There is a need to split trusted and untrusted applications from each other. Have you ever tried screen shotting UAC windows
        https://www.winhelponline.com/blog/c...vation-dialog/
        Yes out the box under windows attempting to screenshot UAC dialog does not work because its on a different trust level.

        The reality is XACE for X11 did attempt to implement the same feature as well there was not video card driver support for it back then either.

        Really this is a general desktop required feature. Taken too far where users cannot assign what they want to what ever trust level is a problem. If it left that the end user can set trust levels by setting and having trust levels setup by default can protect end user from own caused goof.

        Hard point here there is need for computer software at times to attempt to prevent human error by putting some minor obstacles in way from doing particular things. Like screen shot of password dialogs should really require jumping though a few steps not just work magically out box all the time.

        High security desktops do need this functionality as they have applications at different trust levels and applications of lower trust level are not meant to be able to see that high trust level applications are even running.

        These features are double sided swords. Yes this is a feature you find in Windows and Mac OS that has really not been properly on Linux.

        I don't think I've ever seen a login screen popup with unmasked plain text password displayed. I don't think this highly hypothetical use case is the rationale behind this. This is to prevent you from capturing content from sites such as Netflix, HBO, Disney+, etc.

        Comment


        • #14
          Originally posted by drlamb View Post

          These are what came to my mind as well. Can't exactly have a modern vehicle's dash display disappear while in motion...
          That would be reliability and not security.......

          Comment


          • #15
            Originally posted by polarathene View Post
            What kind of scenario/attack does it prevent?

            I mean if the attacker were able to modify the framebuffer, isn't it likely they could also manipulate the display via other means? Eg if displaying some critical info on a dashboard display for making real-time decisions for some profession like surgery or precision distance measurements, couldn't the memory be modified related to the UI display?

            Although I guess such a system already has memory protection in the first place, so this is just an additional measure? All I know is with CheatEngine it was really easy to modify memory for applications that either change the actual value that logic operates on, or just the UI representation (false positive if trying to cheat or "hack" a game). I assume if is that easy for users that legitimate threats are much more capable.

            In those movies where they compromise camera feeds (which I assume isn't as quick and easy as fiction depicts it) and put them on a loop, I suppose this would be a scenario this could help prevent?
            Well in those movie scenarios where camera feeds are hijacked, this won't help - in those cases, the video signal from the cameras is sent unencrypted to a central computer (physical security is assumed) and that's why they're able to replace the signal. Since the video signal is hijacked before it reaches the computer in question, and there's no authentication/verification mechanism, there's no way to tell that the video signal was hijacked (unless the computer analyzes the video on a continuous basis, looking for loops, repeated segments etc.)

            Comment


            • #16
              Originally posted by uid313 View Post

              I don't think I've ever seen a login screen popup with unmasked plain text password displayed. I don't think this highly hypothetical use case is the rationale behind this. This is to prevent you from capturing content from sites such as Netflix, HBO, Disney+, etc.
              Yeah, either that or government/military/other scenarios where people want to ensure that their display contents can't be copied or tampered with undetected.

              Comment


              • #17
                Originally posted by uid313 View Post
                I don't think I've ever seen a login screen popup with unmasked plain text password displayed. I don't think this highly hypothetical use case is the rationale behind this. This is to prevent you from capturing content from sites such as Netflix, HBO, Disney+, etc.
                Really the fact you have not is that you have not dealt with high secure desktops where you only get 1 shot at your password. Those environments is quite common for the password dialogs to be unmasked to the user but its critical if you unmask to user that you protect login window from capture.

                Seeing part unhidden is more common think android device entering wifi password where you are seeing the last letter pressed for a limited amount of time of course if this end up on a recorded video it makes no difference that the password was displayed 1 char at a time or if was displayed all at once on the ability for the password to be recovered.

                Yes this technology can be used by Netflix, HBO, Disney+, etc. but its also required for your password dialogs if you password dialogs are suitability protected staring out or hidding password entry can be disabled. Yes when you disable hidden password you can change password entry to a 1 try thing. Please note this is only one example

                https://www.x.org/releases/X11R7.5/d...XACE-Spec.html

                uid313 you really do need to read up on XACE this is for you more complex secure desktops done by the old rainbow book of security. This being able to work is required to bring
                https://access.redhat.com/documentat...tors_guide/mls Multi Level Security
                to the desktop so you can have applications of different level of trust on the desktop.

                The reality uid313 is Digital Rights Management abuses Multi Level Security solutions. Just because uid313 you think MLS stuff is only for Netflix, HBO, Disney+, etc does not mean it is. You what to build a high security desktop with Multi Level Security protection around applications so untrusted applications cannot access trusted you want these features.

                Please also note XACE predates the Digital Rights Management as term. Multi Level Security properly working on the desktop changes the world we know like being able to allow a option to display entered passwords on screen some users will find this feature good.

                The reality here is the technology that you seen groups wanting to use for Digital Rights Management should be open to general usage as there are general usage cases like extra protection around password dialogues or environments with desktops running applications at different security levels that should not be allowed to see each other in uncontrolled ways.

                Comment


                • #18
                  Originally posted by sandy8925 View Post

                  Yeah, either that or government/military/other scenarios where people want to ensure that their display contents can't be copied or tampered with undetected.
                  Their problems is not screenshots or video capture, its leaked documents.

                  Comment


                  • #19
                    Originally posted by uid313 View Post
                    Their problems is not screenshots or video capture, its leaked documents.
                    Multi Level Security comes out of military
                    https://en.wikipedia.org/wiki/Bell%E...LaPadula_model

                    Its called the Bell PaPadula Model. This means you should only be able to screenshot applications at applications security trust level or lower you should not seen in a screenshot any application of a higher security level in the OS to the application. So the idea that the government usage problem is not screenshots or video capture is wrong.

                    We need this stuff to implement Multi Level Security for government desktops and different company desktops. This is not just a leaked documented thing there is a required functionality the OS has to provided to pass particular standards to used at particular security levels.

                    This is the annoying part seeing stuff appear setup only for digital rights management and not setup for generic Multi Level Security is annoying as well. Every feature those wanting to do for digitial rights management you need to implement Bell PaPadula Model in software completely but in a generic system administrator usable way.
                    Last edited by oiaohm; 14 January 2021, 03:06 PM.

                    Comment


                    • #20
                      Originally posted by oiaohm View Post

                      Multi Level Security comes out of military
                      https://en.wikipedia.org/wiki/Bell%E...LaPadula_model

                      Its called the Bell PaPadula Model. This means you should only be able to screenshot applications at applications security trust level or lower you should not seen in a screenshot any application of a higher security level in the OS to the application. So the idea that the government usage problem is not screenshots or video capture is wrong.

                      We need this stuff to implement Multi Level Security for government desktops and different company desktops. This is not just a leaked documented thing there is a required functionality the OS has to provided to pass particular standards to used at particular security levels.

                      This is the annoying part seeing stuff appear setup only for digital rights management and not setup for generic Multi Level Security is annoying as well. Every feature those wanting to do for digitial rights management you need to implement Bell PaPadula Model in software completely but in a generic system administrator usable way.
                      Linux never cared for any EAL security levels and AMD doesn't give a shit about MLS. AMD is implementing this because of DRM and DRM only.

                      Comment

                      Working...
                      X