Bootjacker: compromising computers using forced restarts

EM Chan, JC Carlyle, FM David, R Farivar… - Proceedings of the 15th …, 2008 - dl.acm.org
BootJacker is a proof-of-concept attack tool which demonstrates that authentication
mechanisms employed by an operating system can be bypassed by obtaining physical …

Secure bootstrap is not enough: Shoring up the trusted computing base

J Hendricks, L Van Doorn - Proceedings of the 11th workshop on ACM …, 2004 - dl.acm.org
We propose augmenting secure boot with a mechanism to protect against compromises to
field-upgradeable devices. In particular, secure boot standards should verify the firmware of …

[PDF] Protecting data in-use from firmware and physical attacks

S Weis - Black Hat, 2014 - blackhat.com
Defending computers from unauthorized physical access, malicious hardware devices, or
other low-level attacks has proven extremely challenging. The risks from these attacks are …

[PDF] Physical security attacks on Windows Vista

P Panholzer - SEC Consult Vulnerability Lab, Vienna, Tech. Rep, 2008 - Citeseer
There are several attacks known today which leverage physical access to fully patched
systems to read or patch system memory. One of them is the Cold Boot Attack (1), which …

Memory deduplication as a threat to the guest OS

K Suzaki, K Iijima, T Yagi, C Artho - … of the Fourth European Workshop on …, 2011 - dl.acm.org
Memory deduplication shares same-content memory pages and reduces the consumption of
physical memory. It is effective on environments that run many virtual machines with the …

[PDF] Enabling client-side crash-resistance to overcome diversification and information hiding

R Gawlik, B Kollenda, P Koppe, B Garmany, T Holz - NDSS, 2016 - ndss-symposium.org
It is a well-known issue that attack primitives which exploit memory corruption vulnerabilities
can abuse the ability of processes to automatically restart upon termination. For example …

ROTE: Rollback protection for trusted execution

S Matetic, M Ahmed, K Kostiainen, A Dhar… - 26th USENIX Security …, 2017 - usenix.org
Security architectures such as Intel SGX need protection against rollback attacks, where the
adversary violates the integrity of a protected application state by replaying old persistently …

Virtual ghost: Protecting applications from hostile operating systems

J Criswell, N Dautenhahn, V Adve - ACM SIGARCH Computer …, 2014 - dl.acm.org
Applications that process sensitive data can be carefully designed and validated to be
difficult to attack, but they are usually run on monolithic, commodity operating systems, which …

Provably secure memory isolation for Linux on ARM

R Guanciale, H Nemati, M Dam… - Journal of Computer …, 2016 - content.iospress.com
The isolation of security-critical components from an untrusted OS allows both protecting
applications and hardening the OS itself. Virtualization of the memory subsystem is a key …

Hardware backdooring is practical

J Brossard - Blackhat USA, 2012 - hal.science
This presentation will demonstrate that permanent backdooring of hardware is practical. We
have built a generic proof-of-concept malware for the Intel architecture, Rakshasa, capable …