An introduction to Kolmogorov complexity and its applications (2nd ed.)
An introduction to Kolmogorov complexity and its applications (2nd ed.)
FireWire system architecture (2nd ed.): IEEE 1394a
FireWire system architecture (2nd ed.): IEEE 1394a
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Network Security with Openssl
Playing "Hide and Seek" with Stored Keys
FC '99 Proceedings of the Third International Conference on Financial Cryptography
Analyzing worms and network traffic using compression
Journal of Computer Security
IEEE Transactions on Information Theory
IEEE Transactions on Information Theory
A survey of main memory acquisition and analysis techniques for the windows operating system
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Mutual remote attestation: enabling system cloning for TPM based platforms
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Hi-index | 0.00 |
This paper introduces new advances in gaining unauthorised access to a computer by accessing its physical memory via various means. We will show a unified approach for using IEEE1394, also known as firewire, file descriptors and other methods to read from and write into a victim's memory. Thereafter we will show the power of this ability in several example attacks: stealing private SSH keys, and injecting arbitrary code in order to obtain interactive access with administrator privileges on the victim's computer.These advances are based on data structures that are required by the CPU to provide virtual address spaces for each process running on the system. These data structures are searched and parsed in order to reassemble pages scattered in physical memory, thus being able to read and write in each processes virtual address space.The attacks introduced in this paper are adaptable to all kinds of operating system and hardware combinations. As a sample target, we have chosen Linux on an IA-32 system with the kernel-options CONFIG_NOHIGH MEMor CONFIG_HIGHMEM4G, CONFIG_VMSPLIT_3Gand CONFIG_PAGE_OFFSET= 0xC0000000.