{"title":"针对嵌入式多操作系统环境中通过恶意固件注入的协处理器对受限内存区域的攻击","authors":"Pierre Schnarz, J. Wietzke, I. Stengel","doi":"10.1145/2556315.2556318","DOIUrl":null,"url":null,"abstract":"Multi-operating systems have been introduced to manage the manifold requirements of embedded systems. Especially in safety critical environments like the automotive domain the system's security must be guaranteed. Despite the state-of-the-art virtualization mechanisms, the idea of asymmetric-multi-processing can be used to split a system's hardware resources, which makes the virtualization of hardware obsolete. However, this special technique to implement a multi-operating system might add special demands to security objectives like isolation. In this paper an attack vector is shown, which utilizes a co-processor to break through the isolation of an operating system domain. Using a multi-operating system environment, we inject a malicious firmware into the co-processor in order to circumvent isolation mechanisms on behalf of an attacking operating system. Our attack vector demonstrates weaknesses in CPU centric isolation mechanisms, which will be further presented in the remainder of the document.","PeriodicalId":153749,"journal":{"name":"CS2 '14","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-01-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Towards attacks on restricted memory areas through co-processors in embedded multi-OS environments via malicious firmware injection\",\"authors\":\"Pierre Schnarz, J. Wietzke, I. Stengel\",\"doi\":\"10.1145/2556315.2556318\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Multi-operating systems have been introduced to manage the manifold requirements of embedded systems. Especially in safety critical environments like the automotive domain the system's security must be guaranteed. Despite the state-of-the-art virtualization mechanisms, the idea of asymmetric-multi-processing can be used to split a system's hardware resources, which makes the virtualization of hardware obsolete. However, this special technique to implement a multi-operating system might add special demands to security objectives like isolation. In this paper an attack vector is shown, which utilizes a co-processor to break through the isolation of an operating system domain. Using a multi-operating system environment, we inject a malicious firmware into the co-processor in order to circumvent isolation mechanisms on behalf of an attacking operating system. Our attack vector demonstrates weaknesses in CPU centric isolation mechanisms, which will be further presented in the remainder of the document.\",\"PeriodicalId\":153749,\"journal\":{\"name\":\"CS2 '14\",\"volume\":\"21 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-01-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CS2 '14\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2556315.2556318\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CS2 '14","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2556315.2556318","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards attacks on restricted memory areas through co-processors in embedded multi-OS environments via malicious firmware injection
Multi-operating systems have been introduced to manage the manifold requirements of embedded systems. Especially in safety critical environments like the automotive domain the system's security must be guaranteed. Despite the state-of-the-art virtualization mechanisms, the idea of asymmetric-multi-processing can be used to split a system's hardware resources, which makes the virtualization of hardware obsolete. However, this special technique to implement a multi-operating system might add special demands to security objectives like isolation. In this paper an attack vector is shown, which utilizes a co-processor to break through the isolation of an operating system domain. Using a multi-operating system environment, we inject a malicious firmware into the co-processor in order to circumvent isolation mechanisms on behalf of an attacking operating system. Our attack vector demonstrates weaknesses in CPU centric isolation mechanisms, which will be further presented in the remainder of the document.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
