Linux下使用电压故障注入升级权限

2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC) Pub Date : 2017-09-01 DOI:10.1109/FDTC.2017.16

N. Timmers, Cristofaro Mune

{"title":"Linux下使用电压故障注入升级权限","authors":"N. Timmers, Cristofaro Mune","doi":"10.1109/FDTC.2017.16","DOIUrl":null,"url":null,"abstract":"Today's standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper's contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability. We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM CortexA9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS.","PeriodicalId":227188,"journal":{"name":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":"{\"title\":\"Escalating Privileges in Linux Using Voltage Fault Injection\",\"authors\":\"N. Timmers, Cristofaro Mune\",\"doi\":\"10.1109/FDTC.2017.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Today's standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper's contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability. We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM CortexA9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS.\",\"PeriodicalId\":227188,\"journal\":{\"name\":\"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)\",\"volume\":\"41 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"50\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FDTC.2017.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC.2017.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 50

摘要

目前的标准嵌入式设备技术对于诸如电压故障注入(V-FI)等故障注入(FI)攻击并不健壮。FI攻击可以用来改变嵌入式设备的软件和硬件的预期行为。大多数FI研究的重点是破解加密算法的实现。然而，本文的贡献在于表明，当由快速且功能丰富的片上系统(SoC)执行时，FI攻击可以有效地改变大型复杂代码库(如Linux操作系统(OS))的预期行为。更具体地说，我们展示了三种攻击，其中使用V-FI从非特权上下文中实现对Linux操作系统的完全控制。这些攻击的目标是标准的Linux操作系统功能，并且在没有任何逻辑漏洞的情况下进行操作。我们假设攻击者已经实现了非特权代码执行。利用市售的V-FI测试台和市售的ARM CortexA9 SoC开发板演示了攻击的实用性。最后，我们讨论了降低概率和最小化成功的FI攻击对复杂系统(如Linux操作系统)的影响的缓解措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Escalating Privileges in Linux Using Voltage Fault Injection

Today's standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper's contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability. We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM CortexA9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)

自引率

0.00%

发文量