DMA Security in the Presence of IOMMUs

Schwarz, Christian; Reusch, Viktor; Planeta, Maksym

Author:

Abstract

Faulty, vulnerable or malicious PCIe devices can harm a system through DMA. IOMMUs can act as a security mechanism to protect against this problem by restricting the memory that is accessible via DMA. Unfortunately, there are methods to bypass the IOMMU restrictions. This paper is a survey over the currently existing bypasses and their feasibility. Current systems might be exploited from any untrusted source of DMA, which includes peripheral PCIe devices, virtual machines using SR-IOV, and even RDMA network cards, which enable remote attacks. Key strategies for the attacks presented here are Rowhammer, cache side-channels, and the exploitation of weaknesses in device drivers, e.g., for network cards, or protocols like PCIe or Ethernet OAM. An attacker can potentially achieve denial of service, the reading of confidential data, and even arbitrary code execution. Fortunately, there are some precautions to reduce the risks for affected systems.

Citation
BibTeX

Schwarz, C., Reusch, V. & Planeta, M., (2022). DMA Security in the Presence of IOMMUs. Tagungsband des FG-BS Frühjahrstreffens 2022. Bonn: Gesellschaft für Informatik e.V.. DOI: 10.18420/fgbs2022f-04

@inproceedings{mci/Schwarz2022,
author = {Schwarz, Christian AND Reusch, Viktor AND Planeta, Maksym},
title = {DMA Security in the Presence of IOMMUs},
booktitle = {Tagungsband des FG-BS Frühjahrstreffens 2022},
year = {2022},
editor = {} ,
doi = { 10.18420/fgbs2022f-04 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}

	Dateien	Groesse	Format	Anzeige
	Paper04.pdf	546.8Kb	PDF	View/Open

Sollte hier kein Volltext (PDF) verlinkt sein, dann kann es sein, dass dieser aus verschiedenen Gruenden (z.B. Lizenzen oder Copyright) nur in einer anderen Digital Library verfuegbar ist. Versuchen Sie in diesem Fall einen Zugriff ueber die verlinkte DOI: 10.18420/fgbs2022f-04

Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback