|
A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit Direct Memory Access ("DMA"). DMA is included in a number of connections, because it lets a connected device (such as a camcorder, network card, storage device or other useful accessory or internal PC card) transfer data between itself and the computer at the maximum speed possible, by using direct hardware access to read or write directly to main memory without any operating system supervision or interaction. The legitimate uses of such devices have led to wide adoption of DMA accessories and connections, but an attacker can equally use the same facility to create an accessory that will connect using the same port, and can then potentially gain direct access to part or all of the physical memory address space of the computer, bypassing all OS security mechanisms and any lock screen, to read all that the computer is doing, steal data or cryptographic keys, install or run spyware and other exploits, or modify the system to allow backdoors or other malware. Preventing physical connections to such ports will prevent DMA attacks. On many computers, the connections implementing DMA can also be disabled within the BIOS or UEFI if unused, which depending on the device can nullify or reduce the potential for this type of exploit. Examples of connections that may allow DMA in some exploitable form include FireWire, ExpressCard, Thunderbolt, PCI and PCI Express. ==Description== In modern operating systems, non-system (i.e. user-mode) applications are prevented from accessing any memory locations not explicitly authorized by the virtual memory controller (called Memory Management Unit (MMU)). In addition to containing damage from inadvertent software bugs and allowing more efficient use of physical memory, this architecture forms an integral part of the security of a modern operating system. However, kernel-mode drivers, many hardware devices, and occasional user-mode vulnerabilities allow the direct, unimpeded access of the physical memory address space. The physical address space includes all of the main system memory, as well as memory-mapped buses and hardware devices (which are controlled by the operating system through reads and writes as if they were ordinary RAM). The OHCI 1394 specification allow devices, for performance reasons, to bypass the operating system and access physical memory directly without any security restrictions. But SBP2 devices can easily be spoofed, allowing an operating system to be tricked into allowing an attacker to both read and write physical memory, and thereby to gain unauthorised access to sensitive cryptographic material in memory. Systems may still be vulnerable to a DMA attack by an external device if they have a FireWire, ExpressCard, Thunderbolt or other expansion port that, like PCI and PCI Express in general, connects attached devices directly to the physical rather than virtual memory address space. Therefore systems that do not have a FireWire port may still be vulnerable if they have a PCMCIA/CardBus/PC Card or ExpressCard port that would allow an expansion card with a FireWire to be installed. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「DMA attack」の詳細全文を読む スポンサード リンク
|