Proceedings ArticleDOI
Redirecting DRAM memory pages: Examining the threat of system memory Hardware Trojans
Bradley Hopkins,John Shield,Christopher James Guildford North +2 more
- pp 197-202
TLDR
A physical prototype of a Memory Hardware Trojan that only requires 230 slices, performs physical page address redirection, operates in standard systems, and can be leveraged by an unprivileged software process to bypass memory protection is presented.
Abstract:
The trustworthiness of electronic components procured and deployed in critical infrastructure cannot be guaranteed. These components may contain Hardware Trojans. Understanding the threat characteristics of these Hardware Trojans is critical to the development of future security risk mitigations. One key threat is posed by Hardware Trojans located in System Memory chips, such as those found in DIMM memory. We present a physical prototype of a Memory Hardware Trojan that only requires 230 slices, performs physical page address redirection, operates in standard systems, and can be leveraged by an unprivileged software process to bypass memory protection. We demonstrate the effectiveness of our trojan with privilege escalation and virtual machine breakout use cases. Based on our designs and experimental findings, we identify insights and discuss mitigation strategies.
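The abstract's central point is that page redirection happens below the MMU: the processor still checks every virtual-to-physical translation and permission bit, but a Trojan in the DRAM path services an allowed access from a different physical page than the one the MMU authorised. The following software model, added here as an illustration and not code from the paper or its authors, makes that separation concrete. A toy MMU enforces per-process page tables; a toy DRAM array sits behind it with a one-slot redirection table. The trigger format (a magic word written to word 0 of a page, with the target physical page number in word 1), the 8-word pages, the physical page numbers and the "uid" field are all constructed assumptions of this model; the paper does not publish its trigger or layout. The attacker process holds only its own read/write page, has no mapping for the kernel page, yet after arming the Trojan reads and overwrites the kernel page through its own mapping.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PAGES       8
#define WORDS_PER_PAGE  8        /* toy page: 8 x 64-bit words, not 4 KiB */
#define PERM_R          1u
#define PERM_W          2u
#define MMU_OK          0
#define MMU_EFAULT      (-1)

#define ATTACKER_VPAGE  0u       /* constructed layout for the model */
#define ATTACKER_PPAGE  2u
#define KERNEL_PPAGE    5u
#define UID_SLOT        3u       /* word holding the toy "cred" uid */
#define TRIGGER_MAGIC   0x5EC4E7ED0BADF00DULL   /* assumed trigger word */

/* Physical DRAM array, as seen behind the memory controller. */
static uint64_t dram[NUM_PAGES][WORDS_PER_PAGE];

/* Trojan state: one physical-page redirection slot (assumed design). */
static struct { int active; unsigned from_page, to_page; } trojan;

/* DRAM side: the Trojan sees physical page + offset, nothing about privilege. */
static uint64_t *dram_resolve(unsigned ppage, unsigned idx) {
    if (trojan.active && ppage == trojan.from_page)
        ppage = trojan.to_page;          /* silent physical redirection */
    return &dram[ppage][idx];
}
static uint64_t dram_read(unsigned ppage, unsigned idx) {
    return *dram_resolve(ppage, idx);
}
static void dram_write(unsigned ppage, unsigned idx, uint64_t v) {
    /* Assumed trigger: magic at word 0 arms redirection of this page to the
       physical page number previously stored in word 1. Not written back. */
    if (idx == 0 && v == TRIGGER_MAGIC) {
        trojan.active = 1;
        trojan.from_page = ppage;
        trojan.to_page = (unsigned)dram[ppage][1] % NUM_PAGES;
        return;
    }
    *dram_resolve(ppage, idx) = v;
}

/* MMU side: page table with present bit and permissions, per process. */
struct pte { unsigned ppage; unsigned perm; int present; };
struct process { struct pte pt[NUM_PAGES]; };   /* index = virtual page */
static struct process attacker;

static int mmu_read(struct process *p, unsigned vpage, unsigned idx, uint64_t *out) {
    struct pte *e = &p->pt[vpage];
    if (!e->present || !(e->perm & PERM_R)) return MMU_EFAULT; /* protection check */
    *out = dram_read(e->ppage, idx);
    return MMU_OK;
}
static int mmu_write(struct process *p, unsigned vpage, unsigned idx, uint64_t v) {
    struct pte *e = &p->pt[vpage];
    if (!e->present || !(e->perm & PERM_W)) return MMU_EFAULT;
    dram_write(e->ppage, idx, v);
    return MMU_OK;
}

/* Constructed initial state: kernel page holds uid 1000, attacker maps one page. */
void model_reset(void) {
    memset(dram, 0, sizeof dram);
    memset(&trojan, 0, sizeof trojan);
    memset(&attacker, 0, sizeof attacker);
    dram[KERNEL_PPAGE][UID_SLOT] = 1000;
    attacker.pt[ATTACKER_VPAGE] = (struct pte){ ATTACKER_PPAGE, PERM_R | PERM_W, 1 };
}
/* The MMU still faults on any page the attacker does not own (vpage 1 is unmapped). */
int direct_kernel_access_denied(void) {
    uint64_t v;
    return mmu_read(&attacker, 1, UID_SLOT, &v) == MMU_EFAULT;
}
/* Arm the Trojan using only the attacker's own writable page; needs the
   target's physical page number, which this model assumes the attacker knows. */
void arm_trojan_from_userspace(void) {
    mmu_write(&attacker, ATTACKER_VPAGE, 1, KERNEL_PPAGE);
    mmu_write(&attacker, ATTACKER_VPAGE, 0, TRIGGER_MAGIC);
}
uint64_t read_uid_via_own_page(void) {
    uint64_t v = 0;
    mmu_read(&attacker, ATTACKER_VPAGE, UID_SLOT, &v);
    return v;
}
void write_uid_via_own_page(uint64_t uid) { mmu_write(&attacker, ATTACKER_VPAGE, UID_SLOT, uid); }
uint64_t kernel_uid_in_dram(void) { return dram[KERNEL_PPAGE][UID_SLOT]; }

int main(void) {
    model_reset();
    printf("direct kernel access denied by MMU: %d\n", direct_kernel_access_denied());
    printf("uid seen through own page before arming: %llu\n", (unsigned long long)read_uid_via_own_page());
    arm_trojan_from_userspace();
    printf("uid seen through own page after arming:  %llu\n", (unsigned long long)read_uid_via_own_page());
    write_uid_via_own_page(0);
    printf("kernel page uid now: %llu (MMU still denies direct access: %d)\n",
           (unsigned long long)kernel_uid_in_dram(), direct_kernel_access_denied());
    return 0;
}
```

Two things the model makes visible that the abstract only states. First, the page-table check is never violated, so page-table auditing, W^X policies and hypervisor second-level translation see nothing wrong; the redirection lives in a layer those controls do not observe, which is why the same primitive serves both privilege escalation and VM breakout. Second, because reads and writes are redirected together, a read-back self-test passes; any detection has to compare against a view the Trojan does not mediate.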
Citations
Journal ArticleDOI
A Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure
TL;DR: The literature evidence suggests high heterogeneity across the crude data, indicating that the effectiveness of security measures varies significantly, and that most, if not all, security measures require a breach to occur before analysis of the malicious activity can prevent it in future through recall.
Journal ArticleDOI
HarTBleed: Using Hardware Trojans for Data Leakage Exploits
TL;DR: HarTBleed, a class of system attacks involving hardware compromised with a Trojan embedded in the CPU, is presented and it is shown that attacks crafted specifically to make use of the Trojan can be used to obtain sensitive information from the address space of a process.
Proceedings ArticleDOI
Real-Time Instruction Execution Monitoring with Hardware-Assisted Security Monitoring Unit in RISC-V Embedded Systems
TL;DR: In this paper, the authors present a secure RISC-V embedded system by integrating a security monitoring unit (SMU), in which instruction integrity monitoring over fine-grained program basic blocks and function return address monitoring via a shadow stack are implemented, respectively.
Trustworthy System Security through 3-D Integrated Hardware [poster]
Thuy D. Nguyen,Timothy Sherwood,Cynthia E. Irvine,Ted Huffmire,Timothy E. Levin,Jonathan Valamehr,Ryan Kastner +6 more
TL;DR: The 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST) was held in Anaheim, CA, USA, in June 2008, with a focus on hardware-oriented security and trust.
References
Proceedings ArticleDOI
seL4: formal verification of an OS kernel
Gerwin Klein,Kevin Elphinstone,Gernot Heiser,June Andronick,David Cock,Philip Derrin,Dhammika Elkaduwe,Kai Engelhardt,Rafal Kolanski,Michael Norrish,Thomas Sewell,Harvey Tuch,Simon Winwood +12 more
TL;DR: To the knowledge, this is the first formal proof of functional correctness of a complete, general-purpose operating-system kernel.
Journal ArticleDOI
Lest we remember: cold-boot attacks on encryption keys
J. Alex Halderman,Seth D. Schoen,Nadia Heninger,William Clarkson,William Paul,Joseph A. Calandrino,Ariel J. Feldman,Jacob Appelbaum,Edward W. Felten +8 more
TL;DR: It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.
Journal ArticleDOI
Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors
Yoongu Kim,Ross Daly,Jeremie S. Kim,Chris Fallin,Ji-Hye Lee,Donghyuk Lee,Christopher B. Wilkerson,Konrad K. Lai,Onur Mutlu +8 more
TL;DR: This paper exposes the vulnerability of commodity DRAM chips to disturbance errors, and shows that it is possible to corrupt data in nearby addresses simply by repeatedly reading from the same address, i.e. by repeatedly activating the same row in DRAM.
Designing and implementing malicious hardware
TL;DR: There is a substantial design space in malicious circuitry; it is shown that an attacker, rather than designing one specific attack, can instead design hardware to support attacks, which allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware.
Proceedings ArticleDOI
Covert and Side Channels Due to Processor Architecture
Zhenghong Wang,Ruby B. Lee +1 more
TL;DR: The proposed RPCache (random permutation cache) can thwart most cache-based software side channel attacks, with minimal hardware cost and negligible performance impact.