Jump to content
Nytro

Hardware Involved Software Attacks

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Hardware Involved Software Attacks

Jeff Forristal jeff.forristal_@_intel.com

Abstract

Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform.

Table of Contents
Preface ......................................................................................................................................................... 3
PC System Stack: Setting the Stage ............................................................................................................... 3
Focus on the Hardware Layer ................................................................................................................... 5
Forced Migration Down the Stack ............................................................................................................ 6
Hardware Background ................................................................................................................................. 7
How Hardware Facilitates Security Attacks .............................................................................................. 8
Obtaining Hardware Access ...................................................................................................................... 8
Taxonomy of Hardware Involved Software Attacks ..................................................................................... 9
Inappropriate General Access to Hardware............................................................................................ 10
Unexpected Consequences of Specific Hardware Function ................................................................... 11
Hardware Reflected Injection ................................................................................................................. 11
Interference with Hardware Privilege Access Enforcement ................................................................... 13
Access By a Parallel Executing Entity ...................................................................................................... 13
External Control of a Hardware Device .................................................................................................. 14
Incorrect Hardware Use .......................................................................................................................... 14
Where to Go From Here ............................................................................................................................. 15
Appendix A – Publicized Hardware Vulnerabilities ..................................................................................... 15
CVE List of Hardware Involved Software Vulnerabilities ........................................................................ 16

Download:

http://www.forristal.com/material/Forristal_Hardware_Involved_Software_Attacks.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...