A chipset level network backdoor: Bypassing host-based firewall & IDS

Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09

Volumn , Issue , 2009, Pages 125-134

  Sparks, Sherri ^a   Embleton, Shawn ^a   Zou, Cliff C ^a  

^a University of Central Florida   (United States)

Author keywords

Hardware security; Network backdoor; Rootkit

Indexed keywords

BACKDOORS; CHIP SETS; CHIPSET; HARDWARE SECURITY; HOST-BASED; HOST-BASED INTRUSION DETECTION; NETWORK INTERFACE CARDS; PROOF OF CONCEPT; SECURITY SOFTWARE; TERRORIST ATTACKS;

COMPUTER HARDWARE; COMPUTER SOFTWARE; INTERFACES (COMPUTER); INTRUSION DETECTION; PACKET NETWORKS;

NETWORK SECURITY;

EID: 77952353295     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1533057.1533076     Document Type: Conference Paper

References (30)

1. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2. May 2007.
2. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A: System Programming Guide, Part 1. May 2007.
3. Intel Corporation. Intel 8255x 10/100 Mbps Ethernet Controller Family: Open Source Software Developer Manual, January 2006.
4. R. Bejtlich. Extrusion Detection: Security Monitoring for Internal Intrusions. AddisonWesley, first edition, 2006.
5. Joanna Rutkowska. "Rootkits vs. Stealth by Design Malware", Presented at Black Hat, Europe 2006.
6. Alexander Tereshkin. "Rootkits: Attacking Personal Firewalls", Presented at Black Hat USA, 2006.
7. Windows XP Firewall. http://www.microsoft.com/windowsxp/using/networking/ sec urity/winfirewall.mspx
8. Zone Alarm. http://www.zonealarm.com/store/content/home.jsp
9. Snort. http://www.snort.org
10. AOL/NCSA Online Safety Study. Conducted by America Online and the National Cyber Security Alliance. Dec. 2005.
11. Microsoft Corporation. Windows XP Firewall.
12. Chipset. http://en. wikipedia.org/wiki/Chipset
13. Gramm-Leach Bliley Act. http://www.ftc.gov/privacy/privacyinitiatives/ glbact.html
14. Payment Card Industry Data Security Standard. https://www. pcisecuritystandards.org
15. J. Bulter and G. Hoglund. "Rootkits: Subverting the Windows Kernel." Addison Wesley. 2005.
16. W. Cui, R. H. Katz, and W. Tan. BINDER: An Extrusion-based Break-In Detector for Personal Computers. In 2005 USENIX Annual Technical Conference. 2005.
17. Salvador Mandujano. "Identifying Attack Code through an Ontology-Based Multiagent Tool: FROID." In Proceedings of the World Academy of Science, Engineering, and Technology, June 2005.
18. F. Bellifemine, A. Poggi, and G. Rimassa. "JADE - A FIPA-compliant agent framework." In Proceedings of Practical Applications of Intelligent Agents, 1999.
19. K. Borders and A. Prakash. "Web Tap: Detecting Covert Web Traffic". In ACM Conference on Commputer and Communications Security. 2004.
20. Y. Zhang and V. Paxson. "Detecting Backdoors". In Proceedings of the 9th USENIX Security Symposium. August, 2000.
21. NDIS. http://en. wikipedia.org/wiki/Network-Driver-Interface- Specification
22. Network Packet Generator. http://www.wikistc.org/wiki/Network-packet- generator
23. * NT Rootkit, patching the NT Kernel". In Phrack Vol. 9, Issue 55. 1999.
24. J. Heasman. Implementing and Detecting an ACPI BIOS Rootkit. Presented at Black Hat Federal, 2006.
25. x86 virtualization. http://en. wikipedia.org/wiki/X86-virtualization
26. ® Virtualization Technology for Directed I/O. http://www.intel.com/technology/itj/2006/v10i3/2-io/7-concl usion.htm
27. Extrusion detection. http://en. wikipedia.org/wiki/Extrusion-detection
28. D. Whyte, P. Oorschot, E. Kranakis. Exposure Maps: Removing Reliance on Attribution during Scanning Detection. USENIX HotSec 2006.
29. VMware VMsafe Security Technology. http://www.vmware.com/technology/ security/vmsafe.html
30. XenAccess Library. http://code.google.com/p/xenaccess/