DMAAUTH: A Lightweight Pointer Integrity-based Secure Architecture to Defeat DMA Attacks

Xingkai Wang

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

This talk introduces DMAAUTH, a novel hardware-software co-design architecture aimed at effectively defeating Direct Memory Access (DMA) attacks. Presented by Xingkai Wang at USENIX Security '24, the research addresses critical limitations in existing DMA protection mechanisms, particularly the Input/Output Memory Management Unit (IOMMU). DMA attacks represent a long-standing and potent threat, allowing malicious peripherals to bypass CPU oversight and directly manipulate system memory, potentially leading to privilege escalation, data exfiltration, or complete system compromise. While IOMMUs provide a foundational layer of defense, they are susceptible to sophisticated attacks that exploit inherent spatial and temporal vulnerabilities arising from their page-granularity memory management.

AI review

This talk introduces DMAAUTH, a critical hardware-software co-design that fundamentally addresses long-standing spatial and temporal vulnerabilities in IOMMU-based DMA protection. Its novel application of pointer authentication, especially Arithmetic Capable Pointer Authentication (ACPA), coupled with byte-grain enforcement and immediate pointer invalidation, offers a robust, low-overhead solution to a pervasive hardware-level threat. This is a significant advancement in system security that demands attention from anyone designing or securing modern platforms.
