2001
DOI: 10.1109/2.955101
|View full text |Cite
|
Sign up to set email alerts
|

API-level attacks on embedded systems

Abstract: A whole new family of attacks has recently been discovered on the application programming interfaces (APIs) used by security processors. These extend and generalise a number of attacks already known on authentication protocols. The basic idea is that by presenting valid commands to the security processor, but in an unexpected sequence, it is possible to obtain results that break the security policy envisioned by its designer. Such attacks are economically important, as security processors are used to support a… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
56
0

Year Published

2005
2005
2017
2017

Publication Types

Select...
9

Relationship

0
9

Authors

Journals

citations
Cited by 80 publications
(56 citation statements)
references
References 9 publications
0
56
0
Order By: Relevance
“…The approach focuses on how confidence in protocol components can be traced across the deployment; it does not analyze vulnerabilities in the underlying behavior of the components (for example API attacks [4]) or their interaction (for example protocol analysis [5,2]), though such techniques could be used to inform the degree of confidence measure. A Needham-Schoeder style protocol deployment was analyzed in this framework.…”
Section: Discussionmentioning
confidence: 99%
“…The approach focuses on how confidence in protocol components can be traced across the deployment; it does not analyze vulnerabilities in the underlying behavior of the components (for example API attacks [4]) or their interaction (for example protocol analysis [5,2]), though such techniques could be used to inform the degree of confidence measure. A Needham-Schoeder style protocol deployment was analyzed in this framework.…”
Section: Discussionmentioning
confidence: 99%
“…We fear however that, while the sandboxing idea will stop most of the malware attacks targeted at the pre-hats versions of the underlying OS, a determined attacker working specifically against the multi-hat configuration will in most cases be able to bypass the protection, possibly using techniques inspired by the API attacks community [11]. There are just too many possible interactions if the machine must still be usable and user-friendly.…”
Section: One User Many Hatsmentioning
confidence: 99%
“…To carry out this check, we maintain a list W of triples (h, h , w) such that the query O C WrapKey (h, h ) received the response w. 3 If the wrap submitted to O C UnwrapKey was indeed generated by the token, we know the contents of the wrap, so the new handle is given the same index of the originally wrapped handle. 4 If the wrap submitted to O C UnwrapKey was not generated by the token, then it was forged by the adversary. If the unwrapping key is compromised, then the new handle is assumed compromised and given index 0.…”
Section: Security Definitionmentioning
confidence: 99%