© 2015

Detecting Peripheral-based Attacks on the Host Memory


Part of the T-Labs Series in Telecommunication Services book series (TLABS)

Table of contents

  1. Front Matter
    Pages i-xv
  2. Patrick Stewin
    Pages 1-7
  3. Patrick Stewin
    Pages 21-31
  4. Patrick Stewin
    Pages 53-69
  5. Patrick Stewin
    Pages 71-94
  6. Patrick Stewin
    Pages 95-98
  7. Back Matter
    Pages 99-108

About this book


This work addresses stealthy peripheral-based attacks on host computers and presents a new approach to detecting them. Peripherals can be regarded as separate systems that have a dedicated processor and dedicated runtime memory to handle their tasks. The book addresses the problem that peripherals generally communicate with the host via the host’s main memory, storing cryptographic keys, passwords, opened files and other sensitive data in the process – an aspect attackers are quick to exploit. 

Here, stealthy malicious software based on isolated micro-controllers is implemented to conduct an attack analysis, the results of which provide the basis for developing a novel runtime detector. The detector reveals stealthy peripheral-based attacks on the host’s main memory by exploiting certain hardware properties, while a permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks, which can otherwise succeed when the applied strategy only measures intermittently. Attackers exploit this strategy by attacking the system in between two measurements and erasing all traces of the attack before the system is measured again.



Anti-hacking Tools BARM Bus Agent Runtime Monitor Computer System Security Measures Cyber Criminality DAGGER Direct Memory Access based keystroke Code logger DMA Malware Input/Output Memory Management Units Memory Attacks Rootkit-based Attacks

Authors and affiliations

  1. 1.Technische Universität BerlinBerlinGermany

Bibliographic information