Napadi DMA na operacijske sisteme Windows (DMA attacks on Windows operating systems)
Dorn, Jakob (Author), Moškon, Miha (Mentor)

PDF - Presentation file (3,20 MB)
MD5: DC637568F280ECF8465BB04205DED8B9

Abstract
Direct Memory Access (DMA) is a technology that enables faster data transfer between individual hardware components without burdening the central processing unit, but it also creates potential vulnerabilities that attackers can exploit to gain unauthorised access to memory or other sensitive data. The purpose of this thesis is to examine DMA attacks, focusing on Windows operating systems. Several examples of carrying out the attack are presented, including file system manipulation, establishing shells on locked systems and reading memory. The necessary hardware and software tools, such as Screamer PCIe Squirrel and PCILeech, are analysed, along with their operation and limitations. The thesis also includes a proposal for establishing protective measures, such as Secure Boot, Kernel DMA Protection and attack detection systems (Endpoint Detection and Response, EDR), which help detect and prevent these attacks.

Language:Slovenian
Keywords:DMA, Windows, attack, vulnerability
Work type:Bachelor thesis/paper
Typology:2.11 - Undergraduate Thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2024
PID:20.500.12556/RUL-160375
COBISS.SI-ID:208252419
Publication date in RUL:27.08.2024
Views:225
Downloads:66

Secondary language

Language:English
Title:DMA attacks on Windows operating systems
Abstract:
Direct Memory Access (DMA) is a technology that allows faster data transfer between individual pieces of hardware without burdening the central processing unit; it also creates potential vulnerabilities that can be exploited by attackers to gain unauthorised access to memory or other sensitive data. The purpose of this thesis is to investigate DMA attacks targeting Windows operating systems. Several examples of attack execution are presented, including file system manipulation, memory dumping, shell creation on locked systems and reading the main memory. The necessary hardware and software tools, such as Screamer PCIe Squirrel and PCILeech, are analysed with regard to their performance and limitations. The thesis also includes a recommendation for implementing safeguards such as Secure Boot, DMA kernel protection and EDR systems, which aid in detecting and preventing these attacks.

Keywords:DMA, Windows, attack, vulnerability
