Matching Items (2)

Filtering by

Clear all filters

134879-Thumbnail Image.png

Memory Inspection Resistant Rootkit: An implementation and analysis

Description

The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their

The purpose of this project was to implement and analyze a new proposed rootkit that claims a greater level of stealth by hiding in cache. Today, the vast majority of embedded devices are powered by ARM processors. To protect their processors from attacks, ARM introduced a hardware security extension known as TrustZone. It provides an isolated execution environment within the embedded device that enables us to run various memory integrity and malware detection tools to identify possible breaches in security to the normal world. Although TrustZone provides this additional layer of security, it also adds another layer of complexity, and thus comes with its own set of vulnerabilities. This new rootkit identifies and exploits a cache incoherence in the ARM device as a result of TrustZone. The newly proposed rootkit, called CacheKit, takes advantage of this cache incoherence to avoid memory introspection from tools in secure world. We implement CacheKit on the i.MX53 development board, which features a single ARM Cortex A8 processor, to analyze the limitations and vulnerabilities described in the original paper. We set up the Linux environment on the computer to be able to cross-compile for the development board which will be running the FreeScale android 2.3.4 platform with a 2.6.33 Linux kernel. The project is implemented as a kernel module that once installed on the board can manipulate cache as desired to conceal the rootkit. The module exploits the fact that in TrustZone, the secure world does not have access to the normal world cache. First, a technique known as Cache-asRAM is used to ensure that the rootkit is loaded only into cache of the normal world where it can avoid detection from the secure world. Then, we employ the cache maintenance instructions and resisters provided in the cp15 coprocessor to keep the code persistent in cache. Furthermore, the cache lines are mapped to unused I/O address space so that if cache content is flushed to RAM for inspection, the data is simply lost. This ensures that even if the rootkit were to be flushed into memory, any trace of the malicious code would be lost. CacheKit prevents defenders from analyzing the code and destroys any forensic evidence. This provides attackers with a new and powerful tool that is excellent for certain scenarios that were previously thought to be secure. Finally, we determine the limitations of the prototype to determine possible areas for future growth and research into the security of networked embedded devices.

Contributors

Agent

Created

Date Created
2016-12

134676-Thumbnail Image.png

The Applicability of an Athletic Shoe Comprising an In-Shoe Force Measurement System

Description

Having the proper biomechanical and neuromuscular kinematics while performing an athletic motion is essential for athletes. Deviations from proper form in execution of the kinetic chain of an athletic movement may result in suboptimal performance and oftentimes an elevated likelihood

Having the proper biomechanical and neuromuscular kinematics while performing an athletic motion is essential for athletes. Deviations from proper form in execution of the kinetic chain of an athletic movement may result in suboptimal performance and oftentimes an elevated likelihood of injury. The solutions currently available to athletes to account for digression from proper form are limited to sight and feel analysis of movement by the athletes and coaches and basic medical and athletic analysis equipment that is unsuitable for real-time analysis, the rigor and speed of dynamic athletic motions, and in-field use. The solution proposed herein is one of an in-shoe force measurement and foot positioning system designed to measure the ground reaction force generated by and alignment of an athlete's feet during an athletic motion. Research into various sports has found that the feet play a foundational role in proper execution of the kinetic chain, wherein the alignment, positioning, force generation, and timing of the feet may dictate proper execution of subsequent segments in the kinetic chain. The goal of the present design is to provide athletes with a solution to allow for real-time kinematic analysis of athletic motions using an in-shoe force measurement and foot positioning system. An understanding into the compensatory effect of foot misalignment, mismatched timing, and under or overcompensated ground reaction force generation by the feet on ensuing segments of the kinetic chain in conjunction with the present design can allow for athletes to measure and determine their degree of accuracy in form execution and to predict potential injuries resulting from deviations in form. Our design of an athletic shoe comprising an in-shoe force measurement system provides a dynamic solution to sports-related injuries presently unavailable to athletes.

Contributors

Agent

Created

Date Created
2017-05