Skip to content (access key 's')
Logo of Technion
Logo of CS Department

The Taub Faculty of Computer Science Events and Talks

IOMMU-resistant DMA attacks
event speaker icon
Gil Kupfer (M.Sc. Thesis Seminar)
event date icon
Wednesday, 14.02.2018, 18:00
event location icon
Taub 601
event speaker icon
Advisor: Prof. Dan Tsafrir and Dr. Nadav Amit
The direct memory access (DMA) mechanism allows I/O devices to independently access the memory without CPU involvement, improving performance but exposing systems to malicious DMA attacks. Hardware vendors therefore introduced IOMMUs (I/O memory management units), allowing operating systems to defend themselves by restricting DMAs to specific memory locations. When configured correctly, the latest generation of IOMMUs is thus considered an appropriate solution to the problem. We challenge this perception and uncover a new type of IOMMU-resistant DMA attacks, which are capable of taking over the system by exploiting the fact that IOMMU protection is provided in page granularity, which we find to be too coarse. We demonstrate that the vulnerability is spread across different device drivers and kernel subsystems, making it challenging to come up with a generic, performant fix.