FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2348002376> ?p ?o ?g. }

• W2348002376 abstract "With the growing importance of networked embedded devices in the upcoming Internet of Things, new attacks targeting embedded OSes are emerging. ARM processors, which power over 60% of embedded devices, introduce a hardware security extension called TrustZone to protect secure applications in an isolated secure world that cannot be manipulated by a compromised OS in the normal world. LeveragingTrustZone technology, a number of memory integrity checking schemes have been proposed in the secure world to introspect malicious memory modification of the normal world. In this paper, we first discover and verify an ARM TrustZone cache incoherence behavior, which results in the cache contents of the two worlds, secure and non-secure, potentially being different even when they are mapped to the same physical address. Furthermore, code in one TrustZone world cannot access the cache content in the other world. Based on this observation, we develop a new rootkit called CacheKit that hides in the cache of the normal world and is able to evade memory introspection from the secure world. We implement a CacheKit prototype on Cortex-A8 processors after solving a number of challenges. First, we employ the Cache-as-RAM technique to ensure that the malicious code is only loaded into the CPU cache and not RAM. Thus, the secure world cannot detect the existence of the malicious code by examining the RAM. Second, we use the ARM processor's hardware support on cache settings to keep the malicious code persistent in the cache. Third, to evade introspection that flushes cache content back into RAM, we utilize physical addresses from the I/O address range that is not backed by any real I/O devices or RAM. The experimental results show that CacheKit can successfully evade memory introspection from the secure world and has small performance impacts on the rich OS. We discuss potential countermeasures to detect this type of rootkit attack." @default.
• W2348002376 created "2016-06-24" @default.
• W2348002376 creator A5001879281 @default.
• W2348002376 creator A5026728546 @default.
• W2348002376 creator A5034433094 @default.
• W2348002376 creator A5035162486 @default.
• W2348002376 creator A5054418515 @default.
• W2348002376 date "2016-03-01" @default.
• W2348002376 modified "2023-09-23" @default.
• W2348002376 title "CacheKit: Evading Memory Introspection Using Cache Incoherence" @default.
• W2348002376 cites W147819238 @default.
• W2348002376 cites W1557252148 @default.
• W2348002376 cites W1598700299 @default.
• W2348002376 cites W1987221145 @default.
• W2348002376 cites W2014517322 @default.
• W2348002376 cites W2034006679 @default.
• W2348002376 cites W2054840305 @default.
• W2348002376 cites W2055175181 @default.
• W2348002376 cites W2059046703 @default.
• W2348002376 cites W2059063827 @default.
• W2348002376 cites W2078592559 @default.
• W2348002376 cites W2085588453 @default.
• W2348002376 cites W2097723548 @default.
• W2348002376 cites W2101889913 @default.
• W2348002376 cites W2116730531 @default.
• W2348002376 cites W2122587458 @default.
• W2348002376 cites W2133189397 @default.
• W2348002376 cites W2144006591 @default.
• W2348002376 cites W2146330317 @default.
• W2348002376 cites W2149256534 @default.
• W2348002376 cites W2151006143 @default.
• W2348002376 cites W2151200195 @default.
• W2348002376 cites W2154081981 @default.
• W2348002376 cites W2158699246 @default.
• W2348002376 cites W2167804035 @default.
• W2348002376 cites W2168872572 @default.
• W2348002376 cites W86845558 @default.
• W2348002376 cites W2054520062 @default.
• W2348002376 doi "https://doi.org/10.1109/eurosp.2016.34" @default.
• W2348002376 hasPublicationYear "2016" @default.
• W2348002376 type Work @default.
• W2348002376 sameAs 2348002376 @default.
• W2348002376 citedByCount "27" @default.
• W2348002376 countsByYear W23480023762016 @default.
• W2348002376 countsByYear W23480023762017 @default.
• W2348002376 countsByYear W23480023762018 @default.
• W2348002376 countsByYear W23480023762019 @default.
• W2348002376 countsByYear W23480023762020 @default.
• W2348002376 countsByYear W23480023762021 @default.
• W2348002376 countsByYear W23480023762022 @default.
• W2348002376 crossrefType "proceedings-article" @default.
• W2348002376 hasAuthorship W2348002376A5001879281 @default.
• W2348002376 hasAuthorship W2348002376A5026728546 @default.
• W2348002376 hasAuthorship W2348002376A5034433094 @default.
• W2348002376 hasAuthorship W2348002376A5035162486 @default.
• W2348002376 hasAuthorship W2348002376A5054418515 @default.
• W2348002376 hasConcept C10144332 @default.
• W2348002376 hasConcept C111919701 @default.
• W2348002376 hasConcept C113166858 @default.
• W2348002376 hasConcept C115537543 @default.
• W2348002376 hasConcept C149635348 @default.
• W2348002376 hasConcept C173608175 @default.
• W2348002376 hasConcept C177264268 @default.
• W2348002376 hasConcept C189783530 @default.
• W2348002376 hasConcept C199360897 @default.
• W2348002376 hasConcept C2776760102 @default.
• W2348002376 hasConcept C38556500 @default.
• W2348002376 hasConcept C41008148 @default.
• W2348002376 hasConcept C541664917 @default.
• W2348002376 hasConceptScore W2348002376C10144332 @default.
• W2348002376 hasConceptScore W2348002376C111919701 @default.
• W2348002376 hasConceptScore W2348002376C113166858 @default.
• W2348002376 hasConceptScore W2348002376C115537543 @default.
• W2348002376 hasConceptScore W2348002376C149635348 @default.
• W2348002376 hasConceptScore W2348002376C173608175 @default.
• W2348002376 hasConceptScore W2348002376C177264268 @default.
• W2348002376 hasConceptScore W2348002376C189783530 @default.
• W2348002376 hasConceptScore W2348002376C199360897 @default.
• W2348002376 hasConceptScore W2348002376C2776760102 @default.
• W2348002376 hasConceptScore W2348002376C38556500 @default.
• W2348002376 hasConceptScore W2348002376C41008148 @default.
• W2348002376 hasConceptScore W2348002376C541664917 @default.
• W2348002376 hasLocation W23480023761 @default.
• W2348002376 hasOpenAccess W2348002376 @default.
• W2348002376 hasPrimaryLocation W23480023761 @default.
• W2348002376 hasRelatedWork W1484089092 @default.
• W2348002376 hasRelatedWork W1529387754 @default.
• W2348002376 hasRelatedWork W1571368810 @default.
• W2348002376 hasRelatedWork W1579918296 @default.
• W2348002376 hasRelatedWork W1616582327 @default.
• W2348002376 hasRelatedWork W1784146144 @default.
• W2348002376 hasRelatedWork W1796231360 @default.
• W2348002376 hasRelatedWork W2379400621 @default.
• W2348002376 hasRelatedWork W2611544471 @default.
• W2348002376 hasRelatedWork W3003912857 @default.
• W2348002376 isParatext "false" @default.
• W2348002376 isRetracted "false" @default.
• W2348002376 magId "2348002376" @default.
• W2348002376 workType "article" @default.