DMA attack

In cryptography, a DMA attack is a type of side-channel attack in which an attacker with physical access to a running computer uses a peripheral interface that supports direct memory access (DMA) to read physical memory without going through the operating system, and so can extract cryptographic keys and other secrets held in RAM.

Description

In modern operating systems, applications are isolated from the underlying physical memory and instead operate on virtual memory. Besides making more efficient use of limited physical memory, this separation is an integral part of the operating system's security model: a process cannot normally read another process's memory or the kernel's.

The OHCI 1394 (FireWire) specification allows devices, for performance reasons, to bypass the operating system and access physical memory directly, without any security restrictions.[1][2] An attacker can also spoof an SBP-2 (Serial Bus Protocol 2) device, tricking the operating system into granting it both read and write access to physical memory.[3]

Besides the malicious uses described above, the same DMA facilities have legitimate uses: they can be used for kernel debugging.[4]

A system may be vulnerable to a DMA attack by an external device if it has a FireWire port, or if it has a PCMCIA or ExpressCard slot into which an expansion card with a FireWire port can be installed and the operating system supports plug and play. Systems with a Thunderbolt port may also be vulnerable.[5]

An IOMMU (Intel's implementation is called VT-d) can be used to constrain a device so that it can reach only a designated part of physical memory, through its own virtual address space. IOMMUs were developed mainly for virtualization, but they can also be used to prevent DMA attacks and to contain malfunctioning devices. Historically, however, operating systems have made little use of this technique as a defence against DMA attacks.
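Whether a given host is actually protected comes down to two checks: is the IOMMU active, and are the FireWire drivers kept out of the kernel? The following added example (written for this article, not code from the page) audits a Linux host for both. It assumes the Linux paths and module names (/sys/kernel/iommu_groups, /etc/modprobe.d, /proc/modules, firewire_ohci and friends); the pure audit() function works on file contents so the constructed inputs below run anywhere, while audit_host() reads the live system.

```python
# Added example for this article, not code from the page.  Audits a Linux host
# for an active IOMMU and for blocked FireWire (OHCI-1394 / SBP-2) drivers.
# Sample inputs are constructed.
import os
import re

# Linux module names for the FireWire stack, new (firewire_*) and old names.
FIREWIRE_MODULES = ("firewire_core", "firewire_ohci", "firewire_sbp2", "ohci1394", "sbp2")


def _norm(name: str) -> str:
    # modprobe treats '-' and '_' as the same character; /proc/modules uses '_'.
    return name.replace("-", "_")


def parse_blocked(modprobe_text: str) -> set:
    """Modules blocked by 'blacklist <name>' or 'install <name> /bin/false|true'.
    A plain blacklist only stops autoloading; the install form also defeats an
    explicit modprobe or a dependency pull-in, so both count as blocked here."""
    blocked = set()
    for line in modprobe_text.splitlines():
        m = re.match(r"\s*blacklist\s+([\w-]+)\s*$", line)
        if not m:
            m = re.match(r"\s*install\s+([\w-]+)\s+/bin/(?:false|true)\s*$", line)
        if m:
            blocked.add(_norm(m.group(1)))
    return blocked


def parse_loaded(proc_modules_text: str) -> set:
    """Module names from /proc/modules (first field of each line)."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def audit(iommu_group_names, modprobe_text: str, proc_modules_text: str) -> dict:
    """Pure audit over file contents; iommu_group_names is the listing of
    /sys/kernel/iommu_groups, which is non-empty only when an IOMMU is active."""
    loaded = parse_loaded(proc_modules_text)
    blocked = parse_blocked(modprobe_text)
    return {
        "iommu_active": len(list(iommu_group_names)) > 0,
        "firewire_loaded": sorted(m for m in FIREWIRE_MODULES if m in loaded),
        "firewire_not_blocked": sorted(m for m in FIREWIRE_MODULES if m not in blocked),
    }


def audit_host(groups_dir="/sys/kernel/iommu_groups", modprobe_dir="/etc/modprobe.d",
               proc_modules="/proc/modules") -> dict:
    """Run audit() against the live Linux host."""
    groups = os.listdir(groups_dir) if os.path.isdir(groups_dir) else []
    texts = []
    if os.path.isdir(modprobe_dir):
        for fn in sorted(os.listdir(modprobe_dir)):
            if fn.endswith(".conf"):
                with open(os.path.join(modprobe_dir, fn)) as f:
                    texts.append(f.read())
    pm = ""
    if os.path.exists(proc_modules):
        with open(proc_modules) as f:
            pm = f.read()
    return audit(groups, "\n".join(texts), pm)


# Constructed inputs standing in for a typical, only partly hardened laptop.
SAMPLE_PROC_MODULES = (
    "firewire_ohci 45056 0 - Live 0x0000000000000000\n"
    "firewire_core 73728 1 firewire_ohci, Live 0x0000000000000000\n"
    "ext4 778240 1 - Live 0x0000000000000000\n"
)
SAMPLE_MODPROBE = "# only the OHCI driver is blacklisted here\nblacklist firewire-ohci\n"

if __name__ == "__main__":
    for k, v in audit(["0", "1"], SAMPLE_MODPROBE, SAMPLE_PROC_MODULES).items():
        print(f"{k}: {v}")
```

A result with iommu_active false, or with anything in firewire_loaded, means the host is still exposed to the attack described above; note that a module already loaded stays loaded regardless of what modprobe.d says, so the blocked list only describes the next boot.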
