Candidate Talk: Hardware Features can Undermine Software Security

June 2, 2008
Francis David | University of Illinois at Urbana-Champaign

A number of gaps in security exist at the boundary between system software and hardware. Unused hardware features or unexpected hardware behavior can result in designs of systems that are vulnerable to a wide range of attacks. I will present two projects that study such vulnerabilities by looking at this issue from an attacker’s perspective. First, I will describe Cloaker, a proof-of-concept rootkit that exploits hardware features to hide and operate. Cloaker targets devices such as cell phones and PDAs which use ARM processors and relies exclusively on manipulation of hardware state while eschewing any modifications to the operating system code or data. This results in an extremely stealthy rootkit that is immune to the vast majority of existing countermeasures.

Next, I will discuss the design of BootJacker, a tool that exploits preservation of volatile memory across a forced computer restart in order to break into a live system protected by some form of software based access control. BootJacker is executed upon a restart and it revives the entire pre-existing system environment using the contents of memory while bypassing the access control mechanisms. This presents attackers with unrestricted access to the system including any open secure connections such as web sessions, encrypted disks or VPN connections.

Mitigation of these threats requires close co-operation between the system software and the underlying architecture. This topic is especially important considering the recent proliferation of advanced hardware features. System designers need to carefully analyze and identify such vulnerabilities before they make it into production systems.

Speaker Details

Francis David is a PhD candidate in the Department of Computer Science at the University of Illinois at Urbana-Champaign. His research spans techniques to improve the dependability of computer systems, focusing in particular on the security and reliability of the operating system. His work on hardware supported malware received the best student paper award at the prestigious IEEE Symposium on Security and Privacy held at Oakland this year. Francis holds a Bachelor’s degree in Computer Science from the Indian Institute of Technology (IIT) Madras.