Nytro
Posted October 26, 2015

Run-DMA

Authors: Michael Rushanan and Stephen Checkoway, Johns Hopkins University

Abstract: Copying data from devices into main memory is a computationally-trivial, yet time-intensive, task. In order to free the CPU to perform more interesting work, computers use direct memory access (DMA) engines—a special-purpose piece of hardware—to transfer data into and out of main memory. We show that the ability to chain together such memory transfers, as provided by commodity hardware, is sufficient to perform arbitrary computation. Further, when hardware peripherals can be accessed via memory-mapped I/O, they are accessible to "DMA programs." To demonstrate malicious behavior, we build a proof-of-concept DMA rootkit that modifies kernel objects in memory to perform privilege escalation for target processes.

Source: https://www.usenix.org/conference/woot15/workshop-program/presentation/rushanan
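The abstract's claim that chained memory transfers are enough to compute can be seen in a small simulation, added here as an illustration and not taken from the paper or the original post. The descriptor layout, table names and addresses are assumptions made up for this toy model (no real DMA controller is modelled); the only operation is a copy, and arithmetic and branching come from copying table bytes into later descriptors.

```python
import struct

# Constructed toy model, not a real DMA controller: a descriptor is four
# little-endian u16 fields (src, dst, len, next); next == 0 ends the chain.
INC, DEC, BR = 0x0100, 0x0200, 0x0300   # 256-byte lookup tables
A, B = 0x0010, 0x0011                   # operand cells
LOOP, BODY = 0x0020, 0x0038             # descriptor addresses

def run_chain(mem, pc, limit=10_000):
    """Follow a descriptor chain; the only operation is a memory copy."""
    steps = 0
    while pc and steps < limit:
        # The whole descriptor is fetched before its copy is performed.
        src, dst, length, nxt = struct.unpack_from("<4H", mem, pc)
        mem[dst:dst + length] = mem[src:src + length]
        pc, steps = nxt, steps + 1
    return steps

def build_adder(a, b):
    """Lay out tables and descriptors that compute B = (a + b) mod 256."""
    mem = bytearray(0x400)
    for i in range(256):
        mem[INC + i] = (i + 1) & 0xFF
        mem[DEC + i] = (i - 1) & 0xFF
        mem[BR + i] = BODY if i else 0   # low byte of next: halt when A == 0
    mem[A], mem[B] = a, b
    chain = [
        (A,   0x0028, 1, 0x0028),  # patch low byte of next descriptor's src
        (BR,  0x0036, 1, 0x0030),  # BR[A] -> low byte of following 'next'
        (A,   A,      1, 0x0000),  # no-op copy; its 'next' was just patched
        (A,   0x0040, 1, 0x0040),  # index DEC with A
        (DEC, A,      1, 0x0048),  # A = DEC[A]
        (B,   0x0050, 1, 0x0050),  # index INC with B
        (INC, B,      1, LOOP),    # B = INC[B], then loop
    ]
    for n, desc in enumerate(chain):
        struct.pack_into("<4H", mem, LOOP + 8 * n, *desc)
    return mem

def dma_add(a, b):
    """Return (sum mod 256, number of transfers executed)."""
    mem = build_adder(a, b)
    steps = run_chain(mem, LOOP)
    return mem[B], steps

if __name__ == "__main__":
    print(dma_add(3, 4))
```

Each loop iteration costs seven transfers and the final zero test costs three, so the transfer count grows with the first operand.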