Below is a listing of some of the current literature and research describing physical memory attacks on computer systems.

  • Lest We Remember: Cold Boot Attacks on Encryption Keys

    Memory chips used in most computers retain their contents for seconds to minutes after power is lost, leaving the contents available for malicious or forensic acquisition.  This research paper describes how encryption keys for most popular disk encryption systems can be obtained through cold boot attacks.

    Tags: Cold Boot Attack, Encryption Keys

  • On the Practicability of Cold Boot Attacks

    A 2013 research paper that verifies previous research around cold boot attacks using 17 systems and system configurations.

    Tags: Cold Boot Attack, Encryption Keys

  • Understanding DMA Malware

    A white paper describing how malware that uses the Direct Memory Access (DMA) functionality of modern microprocessors gives attackers a way to access sensitive information in memory. DMA refers to the capability of peripheral system hardware to transfer data to or from main memory without the involvement of the CPU. This feature is intended to improve system performance, but comes at the expense of centralized memory access enforcement.

    Tags: DMA Attack, Malware, Rootkit

  • Hardware Backdooring is Practical

    This DEFCON 20 conference presentation and associated white paper highlight the ease with which hardware systems can be compromised via backdoors that are not detected by anti-virus.

    Tags: Hardware Backdoor, Rootkit, Bootkit

  • Integrating DMA attacks in exploitation frameworks

    A research paper highlighting that some hardware interfaces are vulnerable to Direct Memory Access (DMA) attack, including a proof of concept that integrates FireWire attacks into Metasploit.

    Tags: DMA Attack, Memory Extraction Attacks, Metasploit

  • Low temperature data remanence in static RAM

    A University of Cambridge research paper highlighting that static Random Access Memory at low temperatures retains its contents and can be accessed to compromise security materials.

    Tags: Cold Boot Attack, Memory Extraction Attacks

  • Hardware Involved Software Attacks

    A presentation describing the role of hardware, including methods such as Direct Memory Access (DMA), in software attacks.

    Tags: DMA Attack, Privilege Escalation

  • VIKING Technology Launches Next Generation ArxCis-NV

    A VIKING Technology press release announcing Non-volatile Direct Random Access Memory (DRAM) technology that retains contents in memory even in the event of power failure.

    Tags: NVDIMM, Cold Boot Attacks

  • How to develop a rootkit for Broadcom NetExtreme network cards

    A presentation highlighting a proof of concept attack on a Broadcom NetExtreme network interface card (NIC) that provides Direct Memory Access.

    Tags: DMA Attack, Rootkit

  • I/O Attacks in Intel-PC Architectures and Countermeasures

    An IEEE Xplore article surveying I/O-based attacks on Intel x86 architectures.

    Tags: DMA Attack, NIC, PCI

  • What if you can’t trust your network card?

    A research paper from the French Network and Information Security Agency (ANSSI) describing how Network Interface Cards can be compromised to take control of a system.

    Tags: DMA Attack, NIC

  • Firmware-assisted Memory Acquisition and Analysis Tools for Digital Forensics

    An IEEE Xplore article surveying methods of inspecting and analyzing the operational state of computers for the purpose of digital forensics. The tools used for legitimate purposes could also be used for illegitimate purposes.

    Tags: DMA Attack, PCI

  • Memory Forensics over the IEEE 1394 Interface

    A research paper describing how to perform memory forensics on a target system. The paper demonstrates how memory can be dumped and operating systems can be compromised.

    Tags: FireWire, DMA Attack

  • The Jedi Packet Trick takes over the Deathstar

    A seminar presentation from the CanSecWest conference showing how an attacker could remotely exploit a particular network card model.

    Tags: DMA Attack, Rootkit, NIC

  • Can you still trust your network card?

    Presentation by researchers at France’s Network and Information Security Agency (ANSSI) describing how compromised network interface cards can be used to compromise a host system.

    Tags: DMA Attack, NIC, PCI

  • ArxCis-NV™ – Non-Volatile Cache Module

    VIKING Technology's Non-Volatile Dual Inline Memory Module (NVDIMM) retains memory even in the event of a power failure.

    Tags: NVDIMM

  • Attacking SMM Memory via Intel® CPU Cache Poisoning

    A research paper from Invisible Things Lab describing novel practical attacks on System Management Mode (SMM) memory (SMRAM) that exploit CPU caching semantics of Intel-based systems. System Management Mode (SMM) is the most privileged CPU operation mode on x86 architectures.

    Tags: SMM, Trusted Execution Technologies, TXT

  • Project Maux Mk.II

    A presentation describing how Network Interface Card (NIC) firmware can be modified to gain access to systems.

    Tags: NIC, DMA Attack

  • Live Memory Acquisition for Windows Operating Systems

    A university research paper explaining how tools available for forensic acquisition and analysis can access volatile memory (RAM).

    Tags: DMA Attack, Windows

  • A Hardware-Based Memory Acquisition Procedure for Digital Investigations

    A research paper explaining a procedure for acquiring volatile memory using a hardware expansion card that can copy memory to an external storage device.

    Tags: PCI, DMA Attack

  • TRESOR-HUNT: Attacking CPU-Bound Encryption

    TRESOR and similar systems strive to confine the encryption key and the encryption process itself to the CPU so that sensitive key material is never released into system memory, where it could be accessed by a DMA attack. This paper describes how such systems are nonetheless vulnerable to DMA attack.

    Tags: DMA Attack, TRESOR, Memory Encryption

  • CARMA: A Hardware Tamper-Resistant Isolated Execution Environment on Commodity x86 Platforms

    A research paper describing the design and implementation of an isolated execution environment on commodity x86 platforms that only relies on the CPU, without needing to trust the memory, buses, peripherals, or any other system components.

    Tags: Secure Execution, Cache-as-RAM

  • Protecting Cryptographic Keys From Memory Disclosure Attacks

    A research paper describing how memory containing cryptographic keys can be exposed along with mechanisms to deal with the exposure of cryptographic keys caused by memory disclosure attacks. The suggested countermeasures can secure small portions of memory.

    Tags: DMA Attack, Memory Encryption

  • TRESOR Runs Encryption Securely Outside RAM

    A research paper describing TRESOR, a Linux kernel patch that implements the AES encryption algorithm and its key management solely on the microprocessor. Instead of using RAM to store encryption materials, TRESOR ensures that all encryption states as well as the secret key and any part of it are only stored in processor registers throughout the operational time of the system.

    Tags: Cold Boot Attack, TRESOR