Affiliation:
1. Technion – Israel Institute of Technology, Haifa, Israel
Abstract
Malicious I/O devices might compromise the OS using DMAs. The OS therefore utilizes the IOMMU to map and unmap every target buffer right before and after its DMA is processed, thereby restricting DMAs to their designated locations. This usage model, however, is not truly secure for two reasons: (1) it provides protection at page granularity only, whereas DMA buffers can reside on the same page as other data; and (2) it delays DMA buffer unmaps due to performance considerations, creating a vulnerability window in which devices can access in-use memory. We propose that OSes utilize the IOMMU differently, in a manner that eliminates these two flaws. Our new usage model restricts device access to a set of shadow DMA buffers that are never unmapped, and it copies DMAed data to/from these buffers, thus providing sub-page protection while eliminating the aforementioned vulnerability window. Our key insight is that the cost of interacting with, and synchronizing access to, the slow IOMMU hardware (required for zero-copy protection against devices) makes copying preferable to zero-copying.
We implement our model in Linux and evaluate it with standard networking benchmarks utilizing a 40 Gb/s NIC. We demonstrate that despite being more secure than the safest preexisting usage model, our approach provides up to 5x higher throughput. Additionally, whereas it is inherently less scalable than an IOMMU-less (unprotected) system, our approach incurs only 0%–25% performance degradation in comparison.
Funder
Israeli Ministry of Science and Technology
Israel Science Foundation
Publisher
Association for Computing Machinery (ACM)
Cited by
1 articles.