Cox, Alan L2019-05-172019-05-172018-052018-04-20May 2018Gutstein, Brett Ferdosi. "Towards Efficient and Effective IOMMU-based Protection from DMA Attacks." (2018) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/105702">https://hdl.handle.net/1911/105702</a>.https://hdl.handle.net/1911/105702Malicious actors can carry out direct memory access (DMA) attacks to compromise computer systems. In such attacks, peripheral devices abuse their ability to read and write physical memory independently of the CPU to violate the confidentiality or integrity of a system’s data. Relatively recently, commodity architectures have incorporated the I/O memory management unit (IOMMU), which allows the CPU to govern peripheral device memory access. This thesis demonstrates that IOMMU usage in existing operating systems does not protect against DMA attacks effectively and comes with a prohibitively high performance cost. It introduces Thunderclap, a novel DMA attack platform used to carry out new attacks that completely compromise FreeBSD, macOS, Linux, and Windows, even with their current IOMMU-based protections enabled. It then presents and evaluates strategies for IOMMU usage that make strides towards efficient and effective protection from DMA attacks.application/pdfengCopyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder.IOMMUDMAattackperipheraldeviceThunderclaparchitectureoperating systemcomputer systemscomputer securityhardwaremacOSLinuxWindowsFreeBSDThesis2019-05-17