undergraduate thesis
Jakob Dorn (Author), Miha Moškon (Mentor)

Abstract

Direct Memory Access (DMA) is a technology that enables faster data transfer between individual hardware components without burdening the central processing unit, but it also creates potential vulnerabilities that attackers can exploit for unauthorised access to memory or other sensitive data. The purpose of this thesis is to examine DMA attacks, focusing on Windows operating systems. Several examples of attack execution are presented, including file system manipulation, establishing shells on locked systems and reading memory. The required hardware and software tools, such as Screamer PCIe Squirrel and PCILeech, are analysed, along with their operation and limitations. The thesis also includes a proposal for establishing protective measures, such as Secure Boot, kernel DMA protection and attack detection systems (Endpoint Detection and Response, EDR), which help detect and prevent these attacks.

Keywords

Windows;direct memory access;vulnerabilities;attacks;professional higher education study programme;diploma theses;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UL FRI - Faculty of Computer and Information Science
Publisher: [J. Dorn]
UDC: 004.056(043.2)
COBISS: 208252419
Views: 117
Downloads: 59

Other data

Secondary language: English
Secondary title: DMA attacks on Windows operating systems
Secondary abstract: Direct Memory Access (DMA) is a technology that allows faster data transfer between individual pieces of hardware without burdening the central processing unit; it also creates potential vulnerabilities that can be exploited by attackers to gain unauthorised access to memory or other sensitive data. The purpose of this thesis is to investigate DMA attacks targeting Windows operating systems. Several examples of attack execution are presented, including file system manipulation, memory dumping, shell creation on locked systems and reading the main memory. The necessary hardware and software tools, such as Screamer PCIe Squirrel and PCILeech, are analysed with regard to their performance and limitations. The task also includes a recommendation for the implementation of safeguards such as Secure Boot, DMA kernel protection and EDR systems, which aid in detecting and preventing these attacks.
Secondary keywords: DMA;Direct Memory Access;Windows;vulnerability;attack;computer science;diploma;Cyberterrorism;Data protection (computing);Microsoft Windows (operating system);Computer science;University and higher-education theses;
Type (COBISS): Bachelor thesis/paper
Study programme: 1000470
Embargo end date (OpenAIRE): 1970-01-01
Thesis comment: Univ. of Ljubljana, Faculty of Computer and Information Science
Pages: 1 online resource (1 PDF file (68 pp.))
ID: 24824519