
MID-013: Process and Thread Memory Segmentation

Mitigation Tier: Foundational

Description

Separating the memory of different processes and threads, with the separation enforced in hardware by a memory management unit (MMU) or memory protection unit (MPU), shrinks the attack surface available to a threat actor. Address-space separation prevents an adversary who controls one process from trivially reading or writing the memory of other threads or processes to perform lateral movement, privilege escalation, or process manipulation. On general-purpose systems this is usually implemented by giving each process its own virtual address space, with the MMU translating virtual to physical addresses and enforcing per-page read, write, and execute permissions. On MPU-based microcontrollers, which lack virtual memory, it is implemented by assigning each task a small set of physical regions with fixed access permissions. Note that threads within a single process normally share that process's address space, so isolating individual threads requires an MPU-aware RTOS that confines each thread or module to its own regions.

Additionally, running every software component in its own isolated, memory-restricted region and using the kernel/OS to broker all interaction between processes greatly reduces a device's threat landscape. Because each component is confined to its own segments and can reach other processes only through kernel-brokered inter-process communication (IPC), an adversary must compromise the kernel itself, or find a flaw in the IPC interface, to gain unauthorized access to another process.

Limitations: IPC implementations vary and depend on the device's function and hardware architecture. IPC mechanisms and kernel system calls can have their own vulnerabilities that allow privilege escalation or lateral movement, and data a process deliberately exposes through IPC or shared memory is not protected by address-space separation.
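The following is an added example for this page, not code from the original page or from any of the referenced vendors; it assumes a Linux/POSIX user-space environment with an MMU. It demonstrates the three points above: after fork() the child's write to the same virtual address leaves the parent's copy untouched (separate address spaces); a page marked PROT_NONE faults on access, which we catch to show the MMU enforcing page permissions; and a pipe is used as kernel-brokered IPC, where the kernel copies at most the number of bytes the receiver asked for. The function names are this example's own.

```c
/* Added example (not from the original page). Linux/POSIX, MMU assumed. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* (1) Separate address spaces: after fork() every writable page is
 * copy-on-write, so the child's store at the *same virtual address*
 * changes only the child's private copy.  Returns what the parent sees
 * after the child has exited (expected: the original value, 1). */
int parent_value_after_child_write(void) {
    volatile int shared_looking = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        shared_looking = 0xDEAD;          /* lands in the child's copy only */
        _exit(0);
    }
    int status;
    waitpid(pid, &status, 0);
    return shared_looking;
}

/* (2) MMU page permissions: map a page, revoke all access with mprotect(),
 * then touch it.  The MMU raises a fault (SIGSEGV); the handler longjmps
 * out so the function can report that enforcement happened. Returns 1 if
 * the access faulted, 0 if it silently succeeded, -1 on setup error. */
static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

int mmu_blocks_access_to_protected_page(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 0x41;                                   /* allowed: RW page */
    if (mprotect(page, pagesz, PROT_NONE) != 0) return -1;

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile unsigned char *vp = page;
        unsigned char v = vp[0];                      /* faults here */
        (void)v;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, pagesz);
    return faulted;
}

/* (3) Kernel-brokered IPC: the child cannot write into the parent's memory,
 * so it hands the kernel a message through a pipe.  The kernel copies data
 * into the buffer the parent supplied, never more than cap-1 bytes, and the
 * result is NUL-terminated.  Returns bytes received, or -1 on error. */
ssize_t receive_via_pipe(const char *msg, char *out, size_t cap) {
    int fds[2];
    if (cap == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fds[0]);
        if (write(fds[1], msg, strlen(msg)) < 0) _exit(1);
        close(fds[1]);
        _exit(0);
    }
    close(fds[1]);
    size_t got = 0;
    while (got < cap - 1) {
        ssize_t n = read(fds[0], out + got, cap - 1 - got);
        if (n <= 0) break;                            /* EOF or error */
        got += (size_t)n;
    }
    out[got] = '\0';
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return (ssize_t)got;
}

/* Bounded-receive check: a 30-byte message into an 8-byte buffer yields
 * exactly 7 bytes ("hello f") rather than overrunning the receiver. */
int pipe_copy_is_bounded(void) {
    char small[8];
    ssize_t n = receive_via_pipe("hello from an isolated process", small, sizeof small);
    return n == 7 && strcmp(small, "hello f") == 0;
}

int main(void) {
    char buf[64];
    printf("parent sees %d after child wrote 0xDEAD at the same address\n",
           parent_value_after_child_write());
    printf("MMU faulted on PROT_NONE page: %d\n",
           mmu_blocks_access_to_protected_page());
    ssize_t n = receive_via_pipe("hello from an isolated process", buf, sizeof buf);
    printf("received %zd bytes via the kernel: \"%s\"\n", n, buf);
    printf("truncation into a small buffer is bounded: %d\n", pipe_copy_is_bounded());
    return 0;
}
```

Build with a plain C compiler (e.g. `cc isolation.c -o isolation`). The three functions map to the three mechanisms the description relies on: the parent's value surviving the child's write is address-space separation; the caught SIGSEGV is the MMU refusing an access the page table does not permit; and the bounded pipe read is the kernel brokering a transfer between two processes that cannot touch each other's memory directly. The last point is also where the Limitations above bite: the receiver's buffer handling, not the MMU, is what keeps that copy safe, which is why IPC code deserves the same scrutiny as any other input parser.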

IEC 62443 4-2 Mappings

  • SAR / EDR / HDR / NDR 3.2 – Protection from malicious code

References

[1] timlt. “Develop secure embedded applications with Eclipse ThreadX.” microsoft.com. Accessed: Aug. 28, 2024. [Online.] Available: https://learn.microsoft.com/en-us/azure/iot-develop/concepts-azure-rtos-security-practices#embedded-security-components-memory-protection

[2] D. Pandey. “Inter Process Communication (IPC).” geeksforgeeks.org. Accessed: Aug. 28, 2024. [Online.] Available: https://www.geeksforgeeks.org/inter-process-communication-ipc/

[3] BlackBerry. “Interprocess Communication (IPC).” qnx.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.qnx.com/developers/docs/7.1/#com.qnx.doc.neutrino.sys_arch/topic/ipc.html