Corpus ID: 160029776

Another Way to Circumvent Intel ® Trusted Execution Technology

@inproceedings{Wojtczuk2009AnotherWT,
  title={Another Way to Circumvent Intel {\textregistered} Trusted Execution Technology},
  author={Rafal Wojtczuk and J. Rutkowska and A. Tereshkin},
  year={2009}
}
Earlier this year our team has presented an attack against Intel® TXT that exploited a design problem with SMM mode being over privileged on PC platforms and able to interfere with the SENTER instruction. This time we present a different attack that allows an attacker to trick the SENTER instruction into misconfiguring the VT-d engine, so that it doesnʼt protect the newly loaded MLE. This attack exploits implementation flaws in a so called SINIT module. keywords: Intel TXT, Intel VT-d, SINIT… Expand

Figures from this paper

A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping
Exploiting an I/OMMU vulnerability
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
...
1
2
3
4
5
...

References

SHOWING 1-7 OF 7 REFERENCES
Dynamics of a trusted platform: a building block approach
Attacking Intel® Trusted Execution Technology
  • Presented at Black Hat DC
  • 2009
Evil Maid goes after TrueCrypt! http://theinvisiblethings.blogspot.com/2009/10/evilmaid-goes-after-truecrypt.html, October
  • 2009
Introducing Ring -3 Rootkits
  • Presented at Black Hat USA
  • 2009
PATCH] txt: 3/6 - use TXT's DMAprotected DMAR table to setup VT-d
  • http://lists.xensource.com/archives/html/xense-dev el/2009-01/msg00004.html,
  • 2009
SINIT misconfiguration allows for Privilege Escalation
  • http://security-center.intel.com/advisory.aspx?inteli d=INTEL-SA-00021&languageid=en-fr,
  • 2009
Xen 0wning Trilogy: code and demos
  • http://invisiblethingslab.com/resources/bh08/, August,
  • 2008