Towards Efficient and Effective IOMMU-based Protection from DMA Attacks
Abstract
Malicious actors can carry out direct memory access (DMA) attacks to compromise computer systems. In such attacks, peripheral devices abuse their ability to read and write physical memory independently of the CPU to violate the confidentiality or integrity of a system’s data. Relatively recently, commodity architectures have incorporated the I/O memory management unit (IOMMU), which allows the CPU to govern peripheral device memory access. This thesis demonstrates that IOMMU usage in existing operating systems does not protect against DMA attacks effectively and comes with a prohibitively high performance cost. It introduces Thunderclap, a novel DMA attack platform used to carry out new attacks that completely compromise FreeBSD, macOS, Linux, and Windows, even with their current IOMMU-based protections enabled. It then presents and evaluates strategies for IOMMU usage that make strides towards efficient and effective protection from DMA attacks.
Citation
Gutstein, Brett Ferdosi. "Towards Efficient and Effective IOMMU-based Protection from DMA Attacks." (2018) Master’s Thesis, Rice University. https://hdl.handle.net/1911/105702.