IOMMU-resistant DMA attacks

Speaker: Gil Kupfer, M.Sc. Thesis Seminar
Date: Wednesday, 14.2.2018, 18:00
Place: Taub 601
Advisor: Prof. Dan Tsafrir and Dr. Nadav Amit

The direct memory access (DMA) mechanism allows I/O devices to access memory independently, without CPU involvement, improving performance but exposing systems to malicious DMA attacks. Hardware vendors therefore introduced IOMMUs (I/O memory management units), allowing operating systems to defend themselves by restricting DMAs to specific memory locations. When configured correctly, the latest generation of IOMMUs is thus considered an appropriate solution to the problem. We challenge this perception and uncover a new type of IOMMU-resistant DMA attack, capable of taking over the system by exploiting the fact that IOMMU protection is provided at page granularity, which we find to be too coarse. We demonstrate that the vulnerability is spread across different device drivers and kernel subsystems, making it challenging to come up with a generic, performant fix.
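To make the page-granularity point concrete, the following added example (not code from the thesis or the talk) models which bytes become device-reachable when a sub-page buffer is mapped for DMA. The 4 KiB page size, the addresses and the object layout are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define PAGE_SIZE 4096ULL               /* assumption: 4 KiB IOMMU pages */

struct range { uint64_t start, end; };  /* half-open [start, end) */

/* Window the device can reach once [addr, addr+len) is mapped: whole pages. */
static struct range iommu_window(uint64_t addr, uint64_t len)
{
    struct range w;
    w.start = addr & ~(PAGE_SIZE - 1);
    w.end = (addr + len + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
    return w;
}

/* Bytes inside the window that the driver never meant to share. */
static uint64_t collateral_bytes(uint64_t addr, uint64_t len)
{
    struct range w = iommu_window(addr, len);
    return (w.end - w.start) - len;
}

/* Bytes of an unrelated object at [obj, obj+obj_len) that fall in the window. */
static uint64_t exposed_bytes(struct range w, uint64_t obj, uint64_t obj_len)
{
    uint64_t lo = obj > w.start ? obj : w.start;
    uint64_t hi = obj + obj_len < w.end ? obj + obj_len : w.end;
    return hi > lo ? hi - lo : 0;
}

int main(void)
{
    /* Constructed layout: a 1500-byte I/O buffer sharing a page with other data. */
    uint64_t buf = 0x10000800ULL, len = 1500;
    struct { const char *name; uint64_t addr, len; } objs[] = {
        { "A: same page, before buffer", 0x10000000ULL, 256 },
        { "B: straddles end of page",    0x10000f00ULL, 512 },
        { "C: next page",                0x10001000ULL, 128 },
    };
    struct range w = iommu_window(buf, len);
    printf("window %#llx-%#llx, collateral %llu bytes\n",
           (unsigned long long)w.start, (unsigned long long)w.end,
           (unsigned long long)collateral_bytes(buf, len));
    for (size_t i = 0; i < sizeof objs / sizeof objs[0]; i++)
        printf("%-30s %llu of %llu bytes reachable\n", objs[i].name,
               (unsigned long long)exposed_bytes(w, objs[i].addr, objs[i].len),
               (unsigned long long)objs[i].len);
    return 0;
}
```

In this model a 1500-byte buffer drags 2596 unrelated bytes into the device's reach, which is why buffers handed to a device are safer on dedicated, page-aligned allocations.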
