Direct Memory Access (DMA) increases the throughput and efficiency of transfers between I/O devices and main memory. It also raises a critical security question: how can the computer architecture enforce that devices only read from and write to the intended I/O buffers? Within the scope of this ongoing research project, we improve on existing solutions to this problem by providing a byte-granular memory protection mechanism that is enforced universally for both software and hardware. Additional design goals of the prototype are compatibility with unmodified legacy devices (while retaining full protection) and with unmodified operating systems (which then gain no security benefit). We target embedded real-time devices, whose architecture is particularly vulnerable to DMA attacks. Northcape, our proposed system, uses a capability-based memory protection mechanism with byte granularity. In contrast to existing protection systems, access control is implemented at the bus level in the northbridge. As a result, the protection applies to the CPU, to any accelerators and to DMA peripherals in the system, and it protects both system memory and memory-mapped I/O peripherals. Our pointer tagging-based implementation ensures compatibility with legacy 64-bit addressing schemes and an unmodified AXI system bus.
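The following is an added illustrative model of the kind of check the abstract describes, not Northcape's code or design: a single bus-level access check, applied identically to CPU and DMA transactions, that validates each access against a byte-granular capability selected by a tag in the pointer. The layout is an assumption made here for illustration: the capability index lives in the upper 16 bits of a 64-bit address (unused by 48-bit addressing), the lower 48 bits carry the byte address, and an index of 0 means "no capability" and is denied.

```c
/* Added example: a software model of a byte-granular, capability-checked
 * bus access applied uniformly to all bus masters (CPU, accelerator, DMA).
 * Assumptions (not from the paper): capability index in address bits 48-63,
 * byte address in bits 0-47, index 0 = no capability, and a small in-memory
 * capability table standing in for the northbridge's state. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define CAP_READ        0x1u
#define CAP_WRITE       0x2u
#define CAP_INDEX_SHIFT 48
#define ADDR_MASK       ((1ULL << CAP_INDEX_SHIFT) - 1)
#define MAX_CAPS        16

typedef struct {
    uint64_t base;   /* first byte of the protected window */
    uint64_t length; /* window length in bytes (byte granular) */
    uint32_t perms;  /* CAP_READ and/or CAP_WRITE */
    bool     valid;
} capability_t;

static capability_t cap_table[MAX_CAPS];

/* Clear the table (index 0 is always reserved as "no capability"). */
void cap_reset(void) {
    for (int i = 0; i < MAX_CAPS; i++) cap_table[i].valid = false;
}

/* Register a window; returns its capability index, or -1 if the table is full. */
int cap_register(uint64_t base, uint64_t length, uint32_t perms) {
    for (int i = 1; i < MAX_CAPS; i++) {
        if (!cap_table[i].valid) {
            cap_table[i] = (capability_t){ base, length, perms, true };
            return i;
        }
    }
    return -1;
}

/* Build a tagged pointer: capability index in the upper bits, byte address below. */
uint64_t cap_tag(int idx, uint64_t addr) {
    return ((uint64_t)idx << CAP_INDEX_SHIFT) | (addr & ADDR_MASK);
}

/* Bus-level check: an access of `len` bytes at tagged address `tagged` with
 * access type `req` is allowed only if the tag names a valid capability, the
 * capability grants `req`, and [addr, addr+len) lies entirely inside
 * [base, base+length). The bounds test is written to be overflow-safe. */
bool bus_check(uint64_t tagged, uint64_t len, uint32_t req) {
    unsigned idx  = (unsigned)(tagged >> CAP_INDEX_SHIFT);
    uint64_t addr = tagged & ADDR_MASK;
    if (idx == 0 || idx >= MAX_CAPS || !cap_table[idx].valid) return false;
    const capability_t *c = &cap_table[idx];
    if ((c->perms & req) != req) return false;
    if (len == 0 || addr < c->base) return false;
    uint64_t offset = addr - c->base;
    if (offset > c->length || len > c->length - offset) return false;
    return true;
}

int main(void) {
    cap_reset();
    /* Constructed scenario: a 64-byte receive buffer a device may write into. */
    int rx = cap_register(0x1000, 64, CAP_WRITE);
    uint64_t rx_ptr = cap_tag(rx, 0x1000);
    printf("DMA write of 64 bytes at buffer start: %s\n",
           bus_check(rx_ptr, 64, CAP_WRITE) ? "allowed" : "denied");
    printf("DMA write of 65 bytes (one byte overrun): %s\n",
           bus_check(rx_ptr, 65, CAP_WRITE) ? "allowed" : "denied");
    printf("CPU read of the write-only buffer: %s\n",
           bus_check(rx_ptr, 8, CAP_READ) ? "allowed" : "denied");
    printf("Untagged legacy address: %s\n",
           bus_check(cap_tag(0, 0x1000), 8, CAP_WRITE) ? "allowed" : "denied");
    return 0;
}
```

Because the same `bus_check` path serves every master, a device that is handed a tagged buffer address can overrun its window by no more than zero bytes, which is the byte-granular property the abstract claims; an untagged address from an unmodified operating system simply fails the check in this model.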
Workshop on Operating Systems and Virtualization Security (OSVS)
2024-07-08
2024-10-10