diff --git a/graphs/graphs.ms b/graphs/graphs.ms index 2fbcd98..a747f52 100644 --- a/graphs/graphs.ms +++ b/graphs/graphs.ms @@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati .B "Preventing data leak" . Since DODB is a library, any attack on the application using it can lead to a data leak. For the moment, any part of the application can access data stored in memory. -Operating systems provide system calls to protect parts of the allocated memory: +Operating systems provide system calls to protect parts of the allocated memory. +For instance, .FUNCTION_CALL mlock -prevents a region of memory from being put in the swap, +prevents a region of memory from being put in the swap, which may lead to a data leak. +Also, .FUNCTION_CALL mprotect -prevents the application itself to access part of its own memory unless +prevents the application itself to access part of its own memory; +the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack). .TBD .B "Discussion on security, not related to DODB" .
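Review bot: In the added mlock sentence, the trailing clause "which may lead to a data leak" attaches to the prevention rather than to swapping, so it reads as if mlock itself causes the leak; suggest "prevents a region of memory from being written to the swap, where it could otherwise leak." In the mprotect lines, "prevents the application itself to access" should read "prevents the application itself from accessing". The parenthetical "(or after an attack)" also claims more than the mechanism gives: code running inside the process can issue the same syscall to restore access, so this protects against stray reads and writes more than against an attacker who already has code execution. Consider narrowing that wording, or noting the limitation at the .TBD that follows.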