By Patrick Stewin

This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host's main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit.

Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host's main memory by exploiting certain properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only measures intermittently. Attackers exploit this strategy by attacking the system in between measurements and erasing all traces of the attack before the system is measured again.


Similar network security books

IPSec (2nd Edition)

IPSec, Second Edition is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology. Leading experts cover all aspects of IPSec architecture, implementation, and deployment; review important technical advances since IPSec was first standardized; and present new case studies demonstrating end-to-end IPSec security.

A Survey of Data Leakage Detection and Prevention Solutions

SpringerBriefs present concise summaries of cutting-edge research and practical applications across a wide spectrum of fields. Featuring compact volumes of 50 to 100 pages (approximately 20,000-40,000 words), the series covers a range of content from professional to academic. Briefs allow authors to present their ideas and readers to absorb them with minimal time investment.

Unified Communications Forensics. Anatomy of Common UC Attacks

Unified Communications Forensics: Anatomy of Common UC Attacks is the first book to explain the issues and vulnerabilities and demonstrate the attacks, forensic artifacts, and countermeasures required to establish a secure (UC) environment. This book is written by leading UC experts Nicholas Grant and Joseph W.

CCSP Self-Study CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide

Network security is a very complex business. The Cisco PIX Firewall performs some very specific functions as part of the security process. It is important to be familiar with many networking and network security concepts before you undertake the CSPFA certification. This book is designed for security professionals or networking professionals who are interested in beginning the security certification process.

Additional info for Detecting Peripheral-based Attacks on the Host Memory

Example text

108] has a TPM solution based on firmware.

4 Monitoring Approaches

Another interesting approach was presented by Duflot et al. [46]. NIC adapter-specific debug features are used to monitor the firmware execution. Such features are not available for other peripherals. Another deficiency is the significant performance issue for the host (100 % utilization of one CPU core). Our goal is also the development of a runtime monitor. In contrast to the monitor described by Duflot et al. [46], our monitor is required (i) to be independent of the inner workings of the peripheral and (ii) to cause significantly less performance overhead, see Chap.

1 are not considered by our trust and adversary model, see Sect. 7. We focus on attacks that originate from platform peripherals. This section considers DMA attacks that originate from platform peripherals such as special management controllers, network interface cards, and video cards. Tereshkin and Wojtczuk [131] demonstrated that the DMA engine of Intel’s ME can be used to write to host memory. The authors described a vulnerability that allows code to be injected into the ME environment. The code of Tereshkin and Wojtczuk did not implement any malware behavior.

We use the Ethernet controller to exfiltrate the captured keystroke codes. To be more precise, we use the OOB features of the Intel ME environment. Unfortunately, there is no documentation that explains how to use this feature. Hence, we had to analyze the firmware to figure out how to exfiltrate keystroke codes using the OOB channel. We were able to find the transmit ring buffer that is used to send network packets in the ME runtime memory. Furthermore, we were also able to find the firmware code that is responsible for sending the next network packet from the transmit ring buffer.
