Pandora's Box in Your SSD: The Untold Dangers of NVMe
- URL: http://arxiv.org/abs/2411.00439v1
- Date: Fri, 01 Nov 2024 08:09:34 GMT
- Title: Pandora's Box in Your SSD: The Untold Dangers of NVMe
- Authors: Rick Wertenbroek, Alberto Dassatti,
- Abstract summary: We introduce the eNVMe platform, a malicious storage device.
The eNVMe platform features a novel, Linux-based, open-source firmware.
We uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious devices.
- Score: 0.3222802562733787
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Modern operating systems manage and abstract hardware resources, to ensure efficient execution of user workloads. The operating system must securely interface with often untrusted user code while relying on hardware that is assumed to be trustworthy. In this paper, we challenge this trust by introducing the eNVMe platform, a malicious NVMe storage device. The eNVMe platform features a novel, Linux-based, open-source NVMe firmware. It embeds hacking tools and it is compatible with a variety of PCI-enabled hardware. Using this platform, we uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious NVMe devices. We discuss available mitigation techniques and ponder about open-source firmware and open-hardware as a viable way forward for storage. While prior research has examined compromised existing hardware, our eNVMe platform provides a novel and unique tool for security researchers, enabling deeper exploration of vulnerabilities in operating system storage subsystems.
Related papers
- VaultFS: Write-once Software Support at the File System Level Against Ransomware Attacks [6.725792100548271]
We propose VaultFS, a Linux-suited file system oriented to the maintenance of cold-data.
Files are supported via the write-once semantic, and cannot be subject to the rewriting (or deletion) of their content up to the end of their protection life time.
VastFS offers the possibility to protect the storage against Denial-of-Service (DOS) attacks.
arXiv Detail & Related papers (2024-10-29T12:06:24Z) - Reverse Engineered MiniFS File System [1.2891210250935148]
This paper addresses the vulnerabilities inherent in Wi-Fi APs using proprietary file systems like MiniFS found in TP-Link's AC1900 WiFi router.
Through reverse engineering, we unravel the structure and operation of MiniFS, marking a significant advancement in our understanding of this previously opaque file system.
arXiv Detail & Related papers (2024-07-06T12:49:37Z) - Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z) - DIMSIM -- Device Integrity Monitoring through iSIM Applets and Distributed Ledger Technology [0.023020018305241332]
We introduce a distributed ledger technology-oriented architecture to monitor the remote devices' integrity using eUICC technology.
eUICC is a feature commonly found in industrial devices for cellular connectivity.
We present an end-to-end architecture to monitor device integrity thereby enabling all the stakeholders in the system to trust the devices.
arXiv Detail & Related papers (2024-05-16T09:13:54Z) - SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems [36.154629422941774]
Arm Cortex-M processors are the most widely used 32-bit microcontrollers among embedded and Internet-of-Things devices.
We analyze the hardware security limitations and issues of Cortex-M systems.
We categorize the reported bugs in Cortex-M software systems.
arXiv Detail & Related papers (2024-01-27T04:09:29Z) - Fortress: Securing IoT Peripherals with Trusted Execution Environments [2.2476099815732518]
Internet of Things (IoT) devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras.
We propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE)
The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud.
arXiv Detail & Related papers (2023-12-05T07:12:58Z) - Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115]
Software services place implicit trust in the cloud provider, without an explicit trust relationship.
There is currently no cloud provider that exposes Trusted Platform Module capabilities.
We improve trust by integrating a virtual TPM device into the Firecracker, originally developed by Amazon Web Services.
arXiv Detail & Related papers (2023-10-05T13:13:55Z) - SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes.
SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices.
We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
arXiv Detail & Related papers (2023-09-26T08:11:38Z) - Evil from Within: Machine Learning Backdoors through Hardware Trojans [72.99519529521919]
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars.
We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning.
We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
arXiv Detail & Related papers (2023-04-17T16:24:48Z) - A survey on hardware-based malware detection approaches [45.24207460381396]
Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess.
We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours.
The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
arXiv Detail & Related papers (2023-03-22T13:00:41Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Adversarial EXEmples: A Survey and Experimental Evaluation of Practical
Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.