Corpus ID: 211199371

Attacking Intel TXT via SINIT code execution hijacking

@inproceedings{Wojtczuk2011AttackingIT,
  title={Attacking Intel TXT via SINIT code execution hijacking},
  author={Rafal Wojtczuk and J. Rutkowska},
  year={2011}
}
We present a software attack against Intel TXT that exploits an implementation problem within a so called SINIT module. The attack allows to fully bypass Intel TXT, Intel Launch Control Policy (LCP), and additionally also provides yet-another-way to compromise SMM code on the platform. 1 What is Intel TXT? For a basic introduction to Intel® Trusted Execution Technology (TXT), the reader is referenced to our previous paper on this topic [1], or alternatively, for a much more complete and in… Expand

Figures from this paper

Intel SGX Explained
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping
Secure Processors Part II: Intel SGX Security Analysis and MIT Sanctum Architecture
Detecting peripheral-based attacks on the host memory
Sanctum: Minimal RISC Extensions for Isolated Execution
...
1
2
3
...

References

SHOWING 1-10 OF 12 REFERENCES
Attacking Intel Trusted Execution Technology, Jan 2009, http://www.invisiblethingslab.com/ itl/Resources.html
  • 2009
Dynamics of a Trusted Platform: A Building Approach
  • 2009
Wojtczuk, Attacking Intel® BIOS, Jul 2009, http://www.invisiblethingslab.com/itl/ Resources.html
  • 2009
Intel Corporation, Intel ® Trusted Execution Technology, Measured Launched Environment Developer's Guide
  • 2008
Hardware Virtualization Rootkits
  • Black Hat USA,
  • 2006
Subverting Vista Kernel for Fun and Profit
  • Black Hat USA,
  • 2006
Attacking Intel Trusted Execution Technology
    Hardware Virtualization Rootkits, Black Hat USA
      It's a shame we still don't see STMs in the wild
        ...
        1
        2
        ...