Download Detecting Peripheral-based Attacks on the Host Memory by Patrick Stewin PDF

By Patrick Stewin

This paintings addresses stealthy peripheral-based assaults on host desktops and provides a brand new method of detecting them. Peripherals might be considered as separate platforms that experience a committed processor and devoted runtime reminiscence to deal with their initiatives. The publication addresses the matter that peripherals regularly converse with the host through the host’s major reminiscence, storing cryptographic keys, passwords, opened documents and different delicate info within the technique – a side attackers are quickly to exploit.

Here, stealthy malicious software program in line with remoted micro-controllers is applied to behavior an assault research, the result of which offer the root for constructing a unique runtime detector. The detector unearths stealthy peripheral-based assaults at the host’s major reminiscence by means of exploiting sure houses, whereas an enduring and resource-efficient size procedure guarantees that the detector can also be in a position to detecting temporary assaults, that may differently be successful whilst the utilized procedure simply measures intermittently. Attackers take advantage of this technique by way of attacking the method in among measurements and erasing all lines of the assault earlier than the approach is measured again.

Show description

Read Online or Download Detecting Peripheral-based Attacks on the Host Memory PDF

Best network security books

Guide to Computer Forensics and Investigations (3rd Edition)

Grasp the talents essential to release and entire a winning desktop research with the up-to-date fourth version of this renowned ebook, advisor TO desktop FORENSICS AND INVESTIGATIONS. This source courses readers via engaging in a high-tech research, from buying electronic facts to reporting its findings.

The Executive MBA in Information Security

In line with the Brookings Institute, an organization’s details and different intangible resources account for over eighty percentage of its industry worth. because the basic sponsors and implementers of knowledge defense courses, it truly is crucial for these in key management positions to own an outstanding figuring out of the continually evolving basic strategies of data defense administration.

Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID

Community safety has develop into an enormous a part of company IT technique and safeguarding the entire nooks and crannies of your community should be well timed and costly. This ebook offers information regarding the way to use unfastened Open resource instruments to construct and deal with an Intrusion Detection approach. Rehman presents designated information regarding utilizing laugh as an IDS and utilizing Apache, MySQL, personal home page and ACID to research intrusion information.

Information Security and Cryptology -- ICISC 2013: 16th International Conference, Seoul, Korea, November 27-29, 2013, Revised Selected Papers

This publication constitutes the completely refereed post-conference court cases of the sixteenth foreign convention on info safety and Cryptology, ICISC 2013, held in Seoul, Korea in November 2013. The 31 revised complete papers offered including 2 invited talks have been conscientiously chosen from 126 submissions in the course of rounds of reviewing.

Additional resources for Detecting Peripheral-based Attacks on the Host Memory

Sample text

A serial port is emulated to implement text console redirection [see 79, Chap. 5]. Text output that is sent to this port is forwarded to a remote console via the network. With this capability an administrator can remotely control the BIOS. To implement disk redirection a local disk is emulated by the ME environment [see 79, Chap. 5]. , a CDROM with an operating system installer to recover the operating system of the AMT enabled platform) via the locally emulated disk. During the platform power-on procedure the ME firmware image is loaded into ME RAM.

The authors mention that they can copy the screen content, strings, and key material using DMA reads. Furthermore, with DMA writes, the authors can change the screen content, conduct a privilege escalation attack, and inject code into the runtime memory of the host. Boileau [17] also covered a FireWire-based DMA attack. The author was able to attack a Windows XP based laptop computer. In 2007, Piegdon and Pimenidis [101] published another FireWire related DMA attack paper. They described how to steal private SSH keys as well as to inject arbitrary code.

2 Devices Firmly Established Inside the Platform Chassis In this work we have a clear focus on stealthiness. The attacker must not need physical access to the target machine to increase the probability of stealthy infiltration. Hence, the attack devices presented in Sect. 1 are not considered by our trust and adversary model, see Sect. 7. We focus on attacks that originate from platform peripherals. This section considers DMA attacks that originate from platform peripherals such as special management controller, network interface cards, and video cards.

Download PDF sample

Rated 4.83 of 5 – based on 16 votes