Research Team Develops Malicious Hardware
ITI member and computer science professor Sam King and a research team that consisted of Ph.D. students Joseph Tucek, Anthony Cozzie, Chris Grier, and Weihang Jiang, along with ITI member and computer science professor YY Zhou, have demonstrated the design and implementation of malicious hardware chips they call Illinois Malicious Processors (IMPs). The chips demonstrate that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general-purpose attacks, while requiring a surprisingly low amount of additional hardware.
The team demonstrated two such hardware designs and implemented them in a real system during the Usenix Workshop on Large-Scale Exploits and Emergent Threats conference in April. At the conference, the team also demonstrated three powerful attacks using the hardware, including a login backdoor that gives an attacker complete and high-level access to the machine.
Attacks involving computer chips that have been altered to permit such access would be almost impossible to detect. "This is like the ultimate back door," said King. "There were no software bugs exploited." Instead, the researchers reprogrammed a chip, which was a LEON processor running the Linux operating system, to allow the injection of malicious firmware into the chip's memory. The team only needed to change a small fraction, less than 2%, of the processor circuits. The alterations made it possible for attackers to log in as if they were legitimate users.
The researchers' Usenix paper, "Designing and Implementing Malicious Hardware," earned the Best Paper award at the conference, and received wide media coverage. The team is now working to find a way to detect the kind of malicious processors they developed.
Writers: Jennifer LaMontagne and Jenny Applequist.
Contact: Jenny Applequist, Senior Program Manager, Information Trust Institute, applequi AT iti.uiuc.edu, 217-244-8920.
July 16, 2008