1. Summary
ATRA is Address Translation Redirection Attack.
It is enables complete evasion of the hardware-based external monitor that anchors its trust on a separate processor.
ATRA has two types : Memory-bound ATRA and Register-bound ATRA
Memory-bound ATRA targets the PGD and PTE in order to change the address translation mapping.
Register-bound ATRA exploits the fact that all existing hardware-based external monitors are incapable of monitoring CPU states.
2. Related Work Summary
➀ ATRA inpired from Sharif’s work and Payne’s work.
➁ But, there has not been a practical implementation and evaluation on the effectiveness of ATRA.
3. The good
➀ Run a author’s code through modify the CR3 register value.
4. The Bad
➀ Author explain the experiment in x86 system which has 2 step paging structure.
but, 2단계 페이징 뿐 아니라 여러 페이징 구조에서 실험을 했다면 더 재밌었을 것 같다.
ps. 숙제 너무 대충 한듯.....ㅠㅠ
'정보보안 > 커널 보안' 카테고리의 다른 글
| TrustVisor Summary (0) | 2015.10.15 |
|---|---|
| CHERI Summary (0) | 2015.10.15 |
| KI-Mon Summary (0) | 2015.10.15 |
| Vigilare Summary (0) | 2015.10.15 |
| Copilot summary (0) | 2015.10.15 |