Philosophy of Computer Science: Boundaries
One of the reasons that I’ve decided to spend my life studying Computer Science is its deep connections with philosophy. Mankind has been asking deep philosophical questions for a very long time, but we’ve been able to chip away at these questions only recently. I’ll review a few more of these connections later, but right now I’d like to focus on Boundaries.
When a program is running it does so within a ‘memory space’. Modern Operating Systems practice various forms of memory isolation between processes. This is done to prevent the memory manipulations performed by one program from affecting the state of any other programs. So the OS enforces a boundary between the memories of different running programs.
The OS also provides to each program an ‘environment’. The environment can be used for a number of things, and is typically used to pass settings implicitly (via key/value pairs), so that the program is able to behave slightly differently depending on the environment in which it is run. The OS also provides services to the program, so that it may (in a well-defined manner) communicate with the ‘outside’ world. It’s through these services that the program can access files, get keystrokes and other user input, talk to other computers using network protocols, etc.
The OS also maintains for each program the illusion that it is the only one running. As far as the program is concerned it is the only thing in the universe, and the universe (other programs, external devices, etc.) responds to communication in a well-defined manner. Any running program is the center of a virtual universe. It’s this virtuality that I’d like to explore.
Tron: Can a program break out of its universe? and if so, What’s out there?
Operating Systems didn’t always isolate programs as effectively as they do now. It used to be possible for one program to read, and even edit the memory space of a different program. Of course this almost always leads to erratic behavior for either or both programs, that ultimately winds up with a crash. But if a program could step outside of its universe, what would it see?
The memory of other programs. In the Tron link above, the light-cycles were able to break out of their battle arena, and wander around the system. Unfortunately, since they actually wrote back the light trail, the memory they wandered over would be corrupted. But suppose they only read? This would never harm the assumptions made by another program, so it wouldn’t be likely to lead to a system crash. And if assumptions about the size and address range of physical memory is known by the program, then it can be made to never trigger an out-of-bounds exception by the OS. This underlies the classic buffer vulnerability. Using this technique, a program can print out the memory contents of other programs (potentially revealing information that was supposed to be confidential).
So far I’ve been talking about a conceptual boundary that programmers deal with. What about the users of a system? do they ever notice the boundaries? Steve Yegge observes that in games like Mario Kart, there’s an Invisible Wall marking the boundary of game play. Outside the wall lies
When we reason about our own universe, we should adopt the same point of view that we have for programs. We can’t access ‘outside’ our universe. So lets ask some of these questions.
|Question||Program’s Answer||Our Answer|
|What’s outside the universe?||Memory in an
||It’s an ill-defined question. By definition it’s not matter, energy, or space; and we don’t have any way to reason about it.|
|What was there before the universe?||There is no before. In order to exist, the OS had to allocate and overwrite what was in memory before the program starts.||It’s an ill-defined question. Time began with the universe: there is no ‘before the beginning of time’.|
|Can we tell that we are in a virtualized environment?||Sometimes, yes. There are ways to Detect System Emulators.||Possibly, but I don’t know of any way. (Possibly experiments to detect non-conservation of information). Further research is needed.|
That last question deserves more discussion:
- It’s possible to go the other way! Instead of breaking out of the matrix, it’s possible to put the universe into one. Using the Blue Pill.
- Writers of software for penetration and infiltration wish to avoid honeypots. Honeypots are cheaply created via Virtual Machines, but, as in the case of VMWare, introspection on the drivers can allow a program to tell that its underlying OS uses VMWare devices, and is therefore virtual.
- The program can look for differences in behavior between real and virtual machines: CPU specific bugs, model specific registers, timing of system calls, relative performance of assembly instructions, memory alignment, cache performance, etc.