{"title":"重定向DRAM内存页:检查系统内存硬件木马的威胁","authors":"Bradley D. Hopkins, J. Shield, Chris J. North","doi":"10.1109/HST.2016.7495582","DOIUrl":null,"url":null,"abstract":"The trustworthiness of electronic components procured and deployed in critical infrastructure can not be guaranteed. These components may contain Hardware Trojans. Understanding the threat characteristics of these Hardware Trojans is critical to the development of future security risk mitigations. One key threat is posed by Hardware Trojans located in System Memory chips, such as those found in DIMM memory. We present a physical prototype of a Memory Hardware Trojan that only requires 230 slices, performs physical page address redirection, operates in standard systems, and can be leveraged by an unprivileged software process to bypass memory protection. We demonstrate the effectiveness of our trojan with privilege escalation and virtual machine breakout use cases. Based on our designs and experimental findings, we identify insights and discuss mitigation strategies.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Redirecting DRAM memory pages: Examining the threat of system memory Hardware Trojans\",\"authors\":\"Bradley D. Hopkins, J. Shield, Chris J. North\",\"doi\":\"10.1109/HST.2016.7495582\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The trustworthiness of electronic components procured and deployed in critical infrastructure can not be guaranteed. These components may contain Hardware Trojans. Understanding the threat characteristics of these Hardware Trojans is critical to the development of future security risk mitigations. One key threat is posed by Hardware Trojans located in System Memory chips, such as those found in DIMM memory. We present a physical prototype of a Memory Hardware Trojan that only requires 230 slices, performs physical page address redirection, operates in standard systems, and can be leveraged by an unprivileged software process to bypass memory protection. We demonstrate the effectiveness of our trojan with privilege escalation and virtual machine breakout use cases. Based on our designs and experimental findings, we identify insights and discuss mitigation strategies.\",\"PeriodicalId\":194799,\"journal\":{\"name\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2016.7495582\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Redirecting DRAM memory pages: Examining the threat of system memory Hardware Trojans
The trustworthiness of electronic components procured and deployed in critical infrastructure can not be guaranteed. These components may contain Hardware Trojans. Understanding the threat characteristics of these Hardware Trojans is critical to the development of future security risk mitigations. One key threat is posed by Hardware Trojans located in System Memory chips, such as those found in DIMM memory. We present a physical prototype of a Memory Hardware Trojan that only requires 230 slices, performs physical page address redirection, operates in standard systems, and can be leveraged by an unprivileged software process to bypass memory protection. We demonstrate the effectiveness of our trojan with privilege escalation and virtual machine breakout use cases. Based on our designs and experimental findings, we identify insights and discuss mitigation strategies.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
