Pinpointing a Security Vulnerability in How Computers Use Memory

Aug 12, 2015
Stephen Checkoway

In the Workshop on Offensive Technologies (WOOT) where the paper on automotive hacking was presented (see stories above), another former member of CSE’s Security and Cryptography group had new research to present. 

CSE alumnus Stephen Checkoway (PhD ‘12) presented a paper with the eye-catching title “Run-DMA”. Checkoway, who recently moved from Johns Hopkins University to the University of Illinois at Chicago, was referring to the direct memory access (DMA) hardware engines that computers use to transfer data into and out of main memory without involving the CPU. DMA engines are designed to free up CPU cycles for more demanding computations. In the paper, co-authored with Johns Hopkins PhD student Michael Rushanan, Checkoway showed that “the ability to chain together such memory transfers, as provided by commodity hardware, is sufficient to perform arbitrary computation.” This opens up the DMA engine to “malicious behavior”, and the researchers built a proof-of-concept DMA rootkit that modifies kernel objects in memory to perform “privilege escalation for target processes.” The researchers were the first to build malware entirely out of DMA data transfers, and they considered a variety of countermeasures that could help contain the security risk associated with DMA engines – up to a point. “Given the current lack of strong defenses against DMA abuse and the ability of DMA to do both Turing-complete and resource-complete computation,” concluded Checkoway and Rushanan, “it is clear that more work on secure defenses is needed.”

Read the full paper, “Run-DMA”, presented at WOOT 2015.