CCS2018

Cryptographically Secure Detection of Injection Attacks

Yun Lu, Konstantinos Mitropoulos, Rafail Ostrovsky, Avraham Weinstock, Vassilis Zikas

Cited by 1

Abstract

Direct Memory Access (DMA) attacks can allow attackers to access memory directly, bypassing OS supervision or software protections. In this work, we put forth and benchmark a cryptographically secure attestation scheme, which detects DMA attacks. In fact, our scheme detects any attack in a more general class of attacks which we call "direct injection". We prove the security of our scheme under a realistic machine model which extends, in a non-trivial manner, a cryptographic model proposed by Lipton, Ostrovsky, and Zikas (ICALP 2016). Despite the fact that our scheme, in its current form, protects against write-only attacks, both our security model and our scheme can be extended to allow the attacker to have additional read access to memory (thereby capturing leakage), as well as to detect more types of memory corruptions such as bit flips.