This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the hostas main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process a an aspect attackers are quick to exploit. Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the hostas main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only measures intermittently. Attackers exploit this strategy by attacking the system in between two measurements and erasing all traces of the attack before the system is measured again.With the same setup we determined how many bus transactions are needed when the USB device has new data that are to be transmitted into the main ... The same is true for a key release event. ... We had to analyze one more bus master when we tested our detection model on Lenovo Thinkpad laptops. We were unable to turn off the fingerprint reader (FR) via the BIOS on an older Thinkpad model.
|Title||:||Detecting Peripheral-based Attacks on the Host Memory|
|Publisher||:||Springer - 2014-12-27|