Attackers constantly explore ways to camouflage illicit activities against computer platforms. Stealthy attacks are required in industrial espionage and also by criminals stealing banking credentials. Modern computers contain dedicated hardware such as network and graphics cards. Such devices implement independent execution environments but have direct memory access (DMA) to the host runtime memory. In this work we introduce DMA malware, i.e., malware executed on dedicated hardware to launch stealthy attacks against the host using DMA. DMA malware goes beyond the capability to control DMA hardware. We implemented DAGGER, a keylogger that attacks Linux and Windows platforms. Our evaluation confirms that DMA malware can efficiently attack kernel structures even if memory address randomization is in place. DMA malware is stealthy to a point where the host cannot detect its presence. We evaluate and discuss possible countermeasures and the (in)effectiveness of hardware extensions such as input/output memory management units.