Title :
Exploiting an I/OMMU vulnerability
Author :
Sang, Fernand Lone ; Lacombe, Éric ; Nicomette, Vincent ; Deswarte, Yves
Author_Institution :
LAAS, CNRS, Toulouse, France
Abstract :
It is difficult to protect an operating system kernel in an efficient way. Attackers can corrupt or subvert it by two different means: (1) the CPU; (2) the Direct Memory Access (DMA) capability of I/O controllers. DMA-based attacks can be blocked using an I/OMMU. This component, embedded in most of current chipsets, enables the operating system to virtualize the main memory for I/O controllers and to restrict their access to only some memory regions. In this paper, we present different vulnerabilities we identified on Intel VT-d, which implements an I/OMMU. An example of exploitation of one of them is then detailed. Finally, we give some recommendations to prevent these vulnerabilities from being used for malicious purposes.
Keywords :
file organisation; operating system kernels; security of data; I/O controllers; I/OMMU vulnerability; Intel VT-d; direct memory access; operating system kernel; Bridges; Ethernet networks; Hardware; Kernel; Registers;
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
Conference_Location :
Nancy, Lorraine
Print_ISBN :
978-1-4244-9353-1
DOI :
10.1109/MALWARE.2010.5665798
