DC Field | Value | Language |
---|---|---|
dc.contributor.author | Song, Wonjun | ko |
dc.contributor.author | Choi, Hyunwoo | ko |
dc.contributor.author | Kim, Junhong | ko |
dc.contributor.author | Kim, Eunsoo | ko |
dc.contributor.author | Kim, Yongdae | ko |
dc.contributor.author | Kim, John | ko |
dc.date.accessioned | 2016-12-01T01:33:58Z | - |
dc.date.available | 2016-12-01T01:33:58Z | - |
dc.date.created | 2016-11-15 | - |
dc.date.issued | 2016-08-10 | - |
dc.identifier.citation | 25th USENIX Security Symposium, pp.37 - 51 | - |
dc.identifier.uri | http://hdl.handle.net/10203/214340 | - |
dc.description.abstract | The goal of a rootkit is often to hide malicious software running on a compromised machine. While there has been a significant amount of research done on different rootkits, we describe a new type of rootkit that is kernel-independent, i.e., no aspect of the kernel is modified and no code is added to the kernel address space to install the rootkit. In this work, we present PIkit, a Processor-Interconnect rootkit that exploits the vulnerable hardware features within multi-socket servers that are commonly used in datacenters and high-performance computing. In particular, PIkit exploits the DRAM address mapping table structure that determines the destination node of a memory request packet in the processor-interconnect. By modifying this mapping table appropriately, PIkit enables access to a victim's memory address region without proper permission. Once PIkit is installed, only user-level code or payload is needed to carry out malicious activities. The malicious payload mostly consists of memory read and/or write instructions that appear like "normal" user-space memory accesses, and it becomes very difficult to detect such a malicious payload. We describe the design and implementation of PIkit on both AMD and Intel x86 multi-socket servers that are commonly used. We discuss different malicious activities possible with PIkit and limitations of PIkit, as well as possible software and hardware solutions to PIkit. | - |
dc.language | English | - |
dc.publisher | USENIX Association | - |
dc.title | PIkit : A New Kernel-Independent Processor-Interconnect Rootkit | - |
dc.type | Conference | - |
dc.identifier.wosid | 000385263000003 | - |
dc.identifier.scopusid | 2-s2.0-85030550819 | - |
dc.type.rims | CONF | - |
dc.citation.beginningpage | 37 | - |
dc.citation.endingpage | 51 | - |
dc.citation.publicationname | 25th USENIX Security Symposium | - |
dc.identifier.conferencecountry | US | - |
dc.identifier.conferencelocation | Austin, TX | - |
dc.embargo.liftdate | 9999-12-31 | - |
dc.embargo.terms | 9999-12-31 | - |
dc.contributor.localauthor | Kim, Yongdae | - |
dc.contributor.localauthor | Kim, John | - |
dc.contributor.nonIdAuthor | Choi, Hyunwoo | - |
dc.contributor.nonIdAuthor | Kim, Junhong | - |