IOMMU protection against I/O attacks: a vulnerability and a proof of concept


Bibliographic Details
Main Authors: Benoît Morgan, Éric Alata, Vincent Nicomette, Mohamed Kaâniche
Affiliation: Laboratoire d’Analyse et d’Architecture des Systèmes (LAAS-CNRS)
Format: Article
Language: English
Published: SpringerOpen 2018-01-01
Series: Journal of the Brazilian Computer Society
ISSN: 0104-6500, 1678-4804
Subjects: Security, IOMMU, Firmware, Linux, Vulnerability, Attack
Online Access: http://link.springer.com/article/10.1186/s13173-017-0066-7

Abstract

Input/output (I/O) attacks have received increasing attention during the last decade. These attacks are performed by malicious peripherals that make read or write accesses to DRAM memory or to memory embedded in other peripherals, through DMA (Direct Memory Access) requests. Some protection mechanisms have been implemented in modern architectures to face these attacks. A typical example is the IOMMU (Input-Output Memory Management Unit). However, such mechanisms may not be properly configured and used by the firmware and the operating system. This paper describes a design weakness that we discovered in the configuration of an IOMMU and a possible exploitation scenario that would allow a malicious peripheral to bypass the underlying protection mechanism. The exploitation scenario is implemented for Intel architectures, with a PCI Express peripheral Field Programmable Gate Array, based on Intel specifications and Linux source code analysis. Finally, as a proof of concept, a Linux rootkit based on the attack presented in this paper is implemented.