Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 UCR Firmware Attacks and Security introduction.

Published byAriel Hubbard Modified over 8 years ago

Similar presentations

Presentation on theme: "1 UCR Firmware Attacks and Security introduction."— Presentation transcript:

1 1 UCR Firmware Attacks and Security introduction

2 2 UCR Firmware attacks We have focused on software and CPU security, but what about peripheral devices? They run microcontrols/firmware  Often this is large and complex  Can be attacked  Often they have physical access to the devices not mediated by OS or CPU Real danger, many published attacks on variety of I/O devices and buses  E.g., Stuxnet worm

3 3 UCR “The Real Story of Stuxnet,” IEEE Spectrum, Feb. 2013

4 4 UCR Common attack 1: Data Exfiltration I/O devices can have DMA access to memory DMA memory permissions do not go through the page table  Can access arbitrary memory, recover data, keys etc… Defenses?  IO/MMU and things like Intel Vt-d

5 5 UCR Intel Virtualization Technology for Directed I/O (Vt-d) Currently implements:  I/O device assignment  Allows adminstrator to assign I/O device to VMs in any configuration  DMA Remapping: supports address translation device DMA transfers  Interrupt remapping: provides VM routing and isolation of device interrupts  Reliability: record software DMA and interrupt errors that otherwise may corrupt memory and impact isolation https://www- ssl.intel.com/content/www/us/en/virtualization/virtualization- technology/intel-virtualization-technology.html?iid=tech_vt+tech

6 6 UCR Common attack 2: Bootkits Multiple pieces of firmware load prior to or during execution of OS  Attackers with software access (if they are vulnerable and expose interfaces) or physical access can compromise any of them  Boot process is compromised, anything can be booted  Could run in a more privileged mode than the OS (e.g., System Management Mode)  Very old attack: e.g., viruses compromising Master Boot Record Solution?  Secure load/attested load using the TPM

7 7 UCR Aside: SMM Feature started in 386SL  Allows the OS to be interrupted  Code in the SMM runs at a very high priviledge level  OS has no idea that it is running (undetectable other than timing) SM-RAM holds SMM state – unaccessible in normal mode Has some legitimate uses (e.g., emulating hardware) But has mostly been a haven for rootkits

8 8 UCR NSA Likes it

9 9 UCR Common (?) Attack 3: Backdoors/trojans Backdoors/trojans installed by the manufacturers Several reported; prevalence unknown…

10 10 UCR Example: Hard drive backdoor Can exploit firmware (not will written code usually) Once you exploit it (remotely) you can:  Make a disk commit suicide  Or mess with data any way that you want But can you exfiltrate the data or have it act as a backdoor?  Yes! NSA was doing that too, but this is based on a research paper  Linked on website

11 11 UCR

12 12 UCR Do not need manufacturer help – reverse engineering kit

13 13 UCR Protection and Detection? Is the problem different from hardware trojans?  Next class Firmware integrity verification?  Yes, unless the firmware comes with the backdoor  Updates? Sign those too  Alan will tell us about Viper Intrusion detection? Encryption?

Download ppt "1 UCR Firmware Attacks and Security introduction."

Similar presentations

Virtualization Technology

Virtualization Technology
Operating System.

Operating System.
Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.

Chapter 3 Multics. Chapter Overview Multics contribution to technology Multics History Multics System – Fundamentals – Security Fundamentals – Protection.
FIU Chapter 7: Input/Output Jerome Crooks Panyawat Chiamprasert

FIU Chapter 7: Input/Output Jerome Crooks Panyawat Chiamprasert
Crucial Security Programs Ring -1 vs. Ring -2: Containerizing Malicious SMM Interrupt Handlers on AMD-V Pete Markowsky Senior Security Researcher

Crucial Security Programs Ring -1 vs. Ring -2: Containerizing Malicious SMM Interrupt Handlers on AMD-V Pete Markowsky Senior Security Researcher
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Malwares – Types & Defense Raghunathan Srinivasan Sept 25, 2007 CSE 466/598 Computer Systems Security.

Malwares – Types & Defense Raghunathan Srinivasan Sept 25, 2007 CSE 466/598 Computer Systems Security.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Input-output and Communication Prof. Sin-Min Lee Department of Computer Science.

Input-output and Communication Prof. Sin-Min Lee Department of Computer Science.
OS Fall ’ 02 Introduction Operating Systems Fall 2002.

OS Fall ’ 02 Introduction Operating Systems Fall 2002.
EET 450 Chapter 2 – How hardware and Software Work Together.

EET 450 Chapter 2 – How hardware and Software Work Together.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
OS Spring’03 Introduction Operating Systems Spring 2003.

OS Spring’03 Introduction Operating Systems Spring 2003.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.

Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.
Input-Output Problems L1 Prof. Sin-Min Lee Department of Mathematics and Computer Science.

Input-Output Problems L1 Prof. Sin-Min Lee Department of Mathematics and Computer Science.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #29-1 Chapter 33: Virtual Machines Virtual Machine Structure Virtual Machine.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Similar presentations

Ads by Google