Abstract
This paper presents an approach to prevent memory attacks enabled by DMA. DMA is a technique that is frequently used to release processors from simple memory transfers. DMA transfers are usually performed during idle times of the bus. A disadvantage of DMA transfers is that they are primarily unsupervised by anti malware agents. After the completion of a DMA activity the transfered data can be scanned for malicious codes. At this time the malicious structures are already in the memory and processor time is necessary to perform a malware scan. The approach presented in this paper enhances the DMA by a watchdog mechanisms that scans the data passing by and interrupts the processor after the detection of a malicious data or instruction sequence. Configurable hardware based on FPGAs is used to overcome the problem of frequently changing malware and malware signatures.
Chapter PDF
Similar content being viewed by others
References
Chhabra, S., Solihin, Y., Lal, R., Hoekstra, M.: An analysis of secure processor architectures. Transactions on Computational Science 7, 101–121 (2010)
Gueron, S., Stronqin, G., Seifert, J.-P., Chiou, D., Sendag, R., Yi, J.J.: Where does security stand? new vulnerabilities vs. trusted computing. New Vulnerabilities vs. Trusted Computing 27(6), 25–35 (2007)
Hollander, R.M., Bolotoff, P.V.: RAMspeed, a cache and memory benchmarking tool (2009), http://alasir.com/software/ramspeed/
Rutkowska, J.: Beyond The CPU: Defeating Hardware Based RAM Acquisition (2009), http://www.first.org/conference/2007/papers/rutkowska-joanna-slides.pdf
Stewin, P., Bystrov, I.: Understanding dma malware. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 21–41. Springer, Heidelberg (2013)
Wang, S., Ledley, R.S.: Computer Architecture and Security: Fundamentals of Designing Secure Computer Systems
Weicker, R.P.: Dhrystone: a synthetic systems programming benchmark. Commun. ACM 27(10), 1013–1030 (1984)
Ye, D., Moffie, M., Kaeli, D.: A Benchmark Suite for BehaviorBased Security Mechanisms (2005), http://www.ece.neu.edu/groups/nucar/publications/SSATTM05.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Eckert, M., Podebrad, I., Klauer, B. (2013). Hardware Based Security Enhanced Direct Memory Access. In: De Decker, B., Dittmann, J., Kraetzer, C., Vielhauer, C. (eds) Communications and Multimedia Security. CMS 2013. Lecture Notes in Computer Science, vol 8099. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40779-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-40779-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40778-9
Online ISBN: 978-3-642-40779-6
eBook Packages: Computer ScienceComputer Science (R0)