DOCSLIB.ORG

Thunderbolt: Exposure and Mitigation CS838-1 - Fall 2013 Final Project Report

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Thunderbolt: Exposure and Mitigation CS838-1 - Fall 2013 Final Project Report Thunderbolt: Exposure and Mitigation CS838-1 - Fall 2013 Final Project Report Saul St. John University of Wisconsin - Madison Abstract of a specially-constructed, purpose specific malicious de- vice. The Thunderbolt interface, similarly to its quasi- The contributions of this paper are two-fold: first, we predecessor, FireWire, exposes to external peripherals demonstrate the practicality of this attack using an in- direct access to the system bus. What’s more, Thun- expensive, commonly available Thunderbolt adapter and derbolt exacerbates said previously existing vulnerabil- widely-available software to construct a malicious device ity by exposing additional platform features to connected capable of exploiting a system via the Thunderbolt in- devices. In this paper, we begin by describing and terface. Secondly, we demonstrate that commonly sug- exploring these vulnerabilities. We then discuss mit- gested mitigation tactics are ineffective in the face of this igation tactics against these attacks, both well-known attack. and novel. Subsequently, we consider countermeasures The next section describes the Thunderbolt architec- against these techniques to mitigate a Thunderbolt-borne ture in greater detail, with a focus on the implementation threat. Finally, we discuss the construction of a proto- that exists on Apple MacBook computers. The subse- type of a device that appears to behave maliciously, and quent section discusses a prototype implementation of a show that no mitigation techniques suggested are suffi- malicious Thunderbolt device, and several potential fu- cient to prevent a multi-vector Thunderbolt-born attack ture enhancements to effect persistence and stealth. Next, in the usual case. mitigation tactics are presented and discussed. Finally, those tactics are analyzed, and their effectiveness evalu- 1 Introduction ated. In 2011, Apple and Intel released the first commercially 2 Background available implementation of their new Thunderbolt (ne Light Peak) peripheral device interface. Promoted as There are three key subsystems within a modern personal ”the most advanced I/O ever,” Thunderbolt ”supports computer that are responsible for the broad attack sur- high-resolution displays and high-performance data de- face exposed by the Thunderbolt interface. They are de- vices through a single, compact port.” It is able to ac- scribed herein. complish this feat by virtue of its architectural construc- tion: as a logical extension of the PCIe bus, Thunder- 2.1 Thunderbolt Controller bolt affords peripheral devices the same access to system functionality that any internal PCIe expansion card might Thunderbolt is, fundamentally, a hardware-agnostic se- consume. rial protocol for multiplexing multiple external signals. One of the primary facilities offered by the PCIe bus It achieves hardware-agnosticism by means of requiring architecture is the ability for devices to directly trans- active components in all interconnect cables. It thereby act with system memory, bypassing the CPU, via Direct abstracts itself from the need to define a physical-layer Memory Access (DMA). Through this interface, devices signaling protocol by requiring all interconnect devices might compromise the integrity of a running system or – including simple patch cables – to provide the neces- exfiltrate system data. As such, the Thunderbolt interface sary functionality in order transmit over a given medium. exposes the system to infiltration by malicious individu- Thunderbolt itself does not define the protocols which als with physical access to the machine and in possession it supports multiplexing over its own media– however, 1 at this time, the only known use-cases for Thunderbolt 3.1 DMA attack is transmission of DisplayPort signals and extension of the PCIe bus. As an extension of the PCIe bus, it acts Direct Memory Access is a feature of the PCI bus that as a transparent bridge– to the PCIe Root Complex, a was introduced to lessen the involvement of the sys- Thunderbolt-attached device appears no differently than tem CPU in I/O operations over the system bus. Prior any other PCIe device on a secondary bus. As such, to DMA, the process for transmitting data over the bus a Thunderbolt connected device can invoke all system required the CPU to chunk data to be transmitted into functionality ordinarily allowed to a PCIe bus-connected blocks acceptable for transmission over the bus and for device, such as participation in the system boot process, receipt by the device, and then send each such chunk in- peer-to-peer transactions over the PCI bus, and Direct dividually. On the reverse path, the system must period- Memory Access. ically poll the device for fresh data, and then retrieve it similarly. On a system supporting DMA, devices on the PCIe 2.2 Extensible Firmware Interface bus can be flagged as ’Bus Masters.’ A so-flagged de- vice is allowed to “drive” the system bus– to directly The Extensible Firmware Interface (EFI) is the logical issue read and write commands to system memory, un- successor to the traditional IBM PC architecture’s Ba- solicited. The intention is that the system notifies the sic Input/Output System (BIOS). Unlike BIOS, EFI was device of the memory address where it would like data designed from the ground-up to provide a modern run- to be written to or transmitted from, and the device be- time environment with well-defined and standardized in- comes responsible for satisfying the entirety of the re- terfaces to the system components which participate in quest. However, a malicious device need not so-operate. the boot process. DMA attacks against Apple systems are not unique to those systems with Thunderbolt interfaces; the FireWire interface previously used was also vulnerable to such an 2.3 I/O Memory Management Unit attack. As was shown in previous work, such as Incep- tion [1], this sort of attack can fully compromise a run- An I/O Memory Management Unit (IOMMU) is a de- ning system and exfiltrate arbitrary data. vice akin to a traditional MMU such as might live in the North Bridge of a traditional Intel x86 architecture sys- tem. Rather than translating virtual addresses to phys- 3.2 Option ROM attack ical addresses, however, it offers a CPU-programmable In order to allow devices to participate in the system boot mechanism to facilitate the translation of bus addresses process, the PCI specification defines a mechanism by to physical addresses. On the Intel architecture, where which a device may expose an ’Option ROM’– a memory supported, IOMMU functionality is built into the system device which may extend the functionality of the system Platform Controller Hub, and branded “VT-d.” firmware so as to initialize itself, and provide services to In the Intel architecture, VT-d is positioned as a fea- the platform firmware. Under BIOS systems, this sort of ture for accelerating the I/O performance of hypervisor- facility was utilized to allow add-on graphic devices to hosted virtual machines, as it allows guest virtual ma- display messages from the system during initialization, chines to directly participate in DMA with host devices– and to expose network devices’ ability to provide a sys- the IOMMU, in this case, is programmed so as to trans- tem boot image, such as by PXE. late the addresses of guest-bound DMA to host-physical Under EFI, the Option ROM interface has become addresses. However, it has often been suggested for use much more general. All devices on the PCIe bus may in providing security to systems that expose interfaces expose an Option ROM, and said ROM may contain arbi- allowing DMA through external connectors (such as all trary data. If such data is an EFI driver image appropriate Intel-architecture Apple systems going back at least a for the execution platform, it is loaded into memory and decade.) executed during the EFI boot process’s DXE (Driver eX- ecution Environment) phase. As an EFI driver image dif- fers from an EFI executable image– such as an operating 3 Exposure system bootloader– only by a typecode in the image’s PE header, an EFI driver, when initialized, can perform any The Thunderbolt interface, by virtue of its ability to cou- of the same operations an OS bootloader or a platform ple external devices so closely to the system bus, exposes driver can. In other words, it executes in an unrestricted the system to a pair of attacks, described herein, each of environment with full access to system components. which can result in complete system compromise. As a result, an Option ROM can be used as the 2 launching-point for several types of attack. 3.2.3 EFI runtime services table poisoning The EFI provides a rich set of functionality to images 3.2.1 SMM attack executing in the pre-boot environment, called the Boot Services. Subsequent to system boot, however, those ser- On Intel-architecture systems, the System Management vices are no longer available. Instead, the EFI exposes a Mode (SMM) is a processor state where operating sys- much more limited set of services to an executing op- tem and userland execution is suspended, and platform- erating system, known as the Runtime Services Table. specific code executes to effect platform-specific ends This table contains pointers to firmware-provided exe- (such as power management, its original designed use- cutable code, located in memory and exposing a stan- case.). The code executed in SMM is hidden from in- dardized call-specification, which the operating system spection by the operating system by virtue of being lo- may call to invoke platform services. This interface al- cated at memory-addresses traditionally reserved for the lows the operating system to, for example, access plat- VGA graphics aperture. As this code is “invisible” from form NVRAM; however, it does not offer the rich set of the perspective of an initialized system, it is difficult functionality available to boot services, such as memory to validate or check for malware.
Load more

Recommended publications
  • System Buses EE2222 Computer Interfacing and Microprocessors
    System Buses EE2222 Computer Interfacing and Microprocessors Partially based on Computer Organization and Architecture by William Stallings Computer Electronics by Thomas Blum 2020 EE2222 1 Connecting • All the units must be connected • Different type of connection for different type of unit • CPU • Memory • Input/Output 2020 EE2222 2 CPU Connection • Reads instruction and data • Writes out data (after processing) • Sends control signals to other units • Receives (& acts on) interrupts 2020 EE2222 3 Memory Connection • Receives and sends data • Receives addresses (of locations) • Receives control signals • Read • Write • Timing 2020 EE2222 4 Input/Output Connection(1) • Similar to memory from computer’s viewpoint • Output • Receive data from computer • Send data to peripheral • Input • Receive data from peripheral • Send data to computer 2020 EE2222 5 Input/Output Connection(2) • Receive control signals from computer • Send control signals to peripherals • e.g. spin disk • Receive addresses from computer • e.g. port number to identify peripheral • Send interrupt signals (control) 2020 EE2222 6 What is a Bus? • A communication pathway connecting two or more devices • Usually broadcast (all components see signal) • Often grouped • A number of channels in one bus • e.g. 32 bit data bus is 32 separate single bit channels • Power lines may not be shown 2020 EE2222 7 Bus Interconnection Scheme 2020 EE2222 8 Data bus • Carries data • Remember that there is no difference between “data” and “instruction” at this level • Width is a key determinant of performance • 8, 16, 32, 64 bit 2020 EE2222 9 Address bus • Identify the source or destination of data • e.g. CPU needs to read an instruction (data) from a given location in memory • Bus width determines maximum memory capacity of system • e.g.
    [Show full text]
  • Getting Started with Your VXI-1394 Interface for Windows NT/98 And
    VXI Getting Started with Your VXI-1394 Interface for Windows NT/98 VXI-1394 Interface for Windows NT/98 November 1999 Edition Part Number 322109D-01 Worldwide Technical Support and Product Information www.ni.com National Instruments Corporate Headquarters 11500 North Mopac Expressway Austin, Texas 78759-3504 USA Tel: 512 794 0100 Worldwide Offices Australia 03 9879 5166, Austria 0662 45 79 90 0, Belgium 02 757 00 20, Brazil 011 284 5011, Canada (Calgary) 403 274 9391, Canada (Ontario) 905 785 0085, Canada (Québec) 514 694 8521, China 0755 3904939, Denmark 45 76 26 00, Finland 09 725 725 11, France 01 48 14 24 24, Germany 089 741 31 30, Greece 30 1 42 96 427, Hong Kong 2645 3186, India 91805275406, Israel 03 6120092, Italy 02 413091, Japan 03 5472 2970, Korea 02 596 7456, Mexico (D.F.) 5 280 7625, Mexico (Monterrey) 8 357 7695, Netherlands 0348 433466, Norway 32 27 73 00, Poland 48 22 528 94 06, Portugal 351 1 726 9011, Singapore 2265886, Spain 91 640 0085, Sweden 08 587 895 00, Switzerland 056 200 51 51, Taiwan 02 2377 1200, United Kingdom 01635 523545 For further support information, see the Technical Support Resources appendix. To comment on the documentation, send e-mail to [email protected] © Copyright 1998, 1999 National Instruments Corporation. All rights reserved. Important Information Warranty The National Instruments VXI-1394 board is warranted against defects in materials and workmanship for a period of one year from the date of shipment, as evidenced by receipts or other documentation. National Instruments will, at its option, repair or replace equipment that proves to be defective during the warranty period.
    [Show full text]
  • Mamaoma Writing EISA Bus Device Drivers
    DEC OSF/l mamaoma Writing EISA Bus Device Drivers Part Number: AA-QOR6A-TE DEC OSF/1 Writing EISA Bus Device Drivers Order Number: AA-QOR6A-TE February 1994 Product Version: DEC OSF/1 Version 2.0 or higher This guide contains information systems engineers need to write device drivers that operate on the EISA bus. The guide describes EISA bus­ specific topics, including EISA bus architecture and the data structures that EISA bus drivers use. digital equipment corporation Maynard, Massachusetts Restricted Rights: Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii). Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. © Digital Equipment Corporation 1994 All rights reserved. The following are trademarks of Digital Equipment Corporation: ALL-IN-I, Alpha AXP, AXP, Bookreader, CDA, DDIS, DEC, DEC FUSE, DECnet, DEC station, DECsystem, DECUS, DECwindows, DTIF, MASSBUS, MicroVAX, Q-bus, ULTRIX, ULTRIX Mail Connection, ULTRIX Worksystem Software, UNIBUS, VAX, V AXstation, VMS, XUI, and the DIGITAL logo. UNIX is a registered trademark licensed exclusively by X/Open Company Limited. Open Software Foundation, OSF, OSFIl, OSFlMotif, and Motif are trademarks of the Open Software Foundation, Inc.
    [Show full text]
  • NCR 53C700/53C700-66 SCSI 1/0 Processor Data Manual
    NCR 53C700/53C700-66 SCSI 1/0 Processor Data Manual The product(s) described in this publication is a licensed product of NCR Corporation. TolerANT and SCSI SCRIPTS are registered trademarks of NCR Corporation. It is the policy of NCR Corporation to improve products as new technology, components, software, and firmware become available. NCR Corporation, therefore, reserves the right to change specifications without notice. NCR products are not intended for use in life-suppott appliances, devices, or systems. Use of an NCR product in such applications without the written consent ofthe appropriate NCR officer is prohibited. For information on updates to this or other NCR products, contact the NCR Microelectronic Products Division electronic bulletin board at (719) 596-1649. Copyright ©1993 By NCR Corporation Dayton, Ohio U.S.A. All Rights Reserved Printed in U.S.A. c Preface SCSI Specifications This manual assumes some prior knowledge of current and proposed SCSI standards. For background information, please contact: ANSI 11 West 42nd Street New York, NY 10036 (212) 642-4900 Ask for document number X3.131-1986 (SCSI-I) Global Engineering Documents 2805 McGaw Irvine, CA 92714 (800)-854-7179 or (714) 261-1455 .? Ask for document number X3.131-199X (SCSI-2) ENDL Publications 14426 Black Walnut Court Saratoga, CA 95070 (408) 867-6642 Document names: SCSI Bench Reference, SCSI Encyclopedia Prentice Hall Englewood Cliffs, NJ 07632 (201) 767-5937 Ask for document number ISBN 0-13-796855-8, SCSI: Understanding the Small Computer System Inter­ face NCR Microelectronic Products Division Electronic Bulletin Board (719) 596-1649 The SCSI Electronic Bulletin Board (719) 574-0424 NCR 53C700/53C700-66 Data Manual Revision Record Page No.
    [Show full text]
  • PCI Express Basics & Background
    PCI Express® Basics & Background Richard Solomon Synopsys Copyright © 2014, PCI-SIG, All Rights Reserved 1 Acknowledgements Thanks are due to Ravi Budruk, Mindshare, Inc. for much of the material on PCI Express Basics PCIe Technology Seminar Copyright © 2014, PCI-SIG, All Rights Reserved 2 Agenda . PCI Express Background . PCI Express Basics . PCI Express Recent Developments PCIe Technology Seminar Copyright © 2014, PCI-SIG, All Rights Reserved 3 PCI Express Background PCIe Technology Seminar Copyright © 2014, PCI-SIG, All Rights Reserved 4 Revolutionary AND Evolutionary . PCI™ (1992/1993) Revolutionary – Plug and Play jumperless configuration (BARs) – Unprecedented bandwidth • 32-bit / 33MHz – 133MB/sec • 64-bit / 66MHz – 533MB/sec – Designed from day 1 for bus-mastering adapters Evolutionary – System BIOS maps devices then operating systems boot and run without further knowledge of PCI – PCI-aware O/S could gain improved functionality – PCI 2.1 (1995) doubled bandwidth with 66MHz mode PCIe Technology Seminar Copyright © 2014, PCI-SIG, All Rights Reserved 5 Revolutionary AND Evolutionary . PCI-X™ (1999) Revolutionary – Unprecedented bandwidth • Up to 1066MB/sec with 64-bit / 133MHz – Registered bus protocol • Eased electrical timing requirements – Brought split transactions into PCI “world” Evolutionary – PCI compatible at hardware *AND* software levels – PCI-X 2.0 (2003) doubled bandwidth • 2133MB/sec at PCI-X 266 and 4266MB/sec at PCI-X 533 PCIe Technology Seminar Copyright © 2014, PCI-SIG, All Rights Reserved 6 Revolutionary AND Evolutionary . PCI Express – aka PCIe® (2002) Revolutionary – Unprecedented bandwidth • x1: up to 1GB/sec in *EACH* direction • x16: up to 16GB/sec in *EACH* direction – “Relaxed” electricals due to serial bus architecture • Point-to-point, low voltage, dual simplex with embedded clocking Evolutionary – PCI compatible at software level • Configuration space, Power Management, etc.
    [Show full text]
  • Industrial I/O Solutions 12-1
    Table of Contents / Industrial I/O Solutions 12-1 12 Industrial I/O Solutions 12-4 DAQ-Embedded Computers 12-5 Analog I/O and Multifunction Cards 12-9 Digital I/O and Multifunction Cards 12-15 USB I/O Modules and USB Hubs 12-18 Signal Conditioners and Terminal Boards 12-21 Serial Communication Cards 12-2 Product Introduction Advantech Data Acquisition and Control Solutions As a leading supplier of data acquisition products worldwide, Advantech offers a wide range of I/O devices with various interfaces and functions based on PC technology, from legacy ISA to modern USB and from signal-conditioning to graphical software tools. Advantech’s industrial I/O products are reliable, accurate, affordable, and suitable for many industrial automation applications (e.g., testing and measurement) and laboratory applications (e.g., monitoring, control, machine automation, and product testing). Signal Sensing Signal Conditioning Data Acquisition Signal Conditioners Embedded Computers Advantech’s signal conditioners provide sensor MIC-1800 series units are standalone embedded and signal conditioning on a per-module basis for computers with integrated data acquisition modules various types of sensors or signals. and signal conditioning to provide digital I/O, analog I/O, and counter functions. The palm-sized design with built-in terminals is suitable for space-limited applications. I/O Wiring Terminal Boards SuperSpeed USB 3.0 I/O Modules Equipment Sensor I/O wiring terminal boards offer convenient and SuperSpeed USB 3.0 I/O modules can be leveraged reliable signal wiring for a wide range of Advantech for a diverse range of industrial control applications.
    [Show full text]
  • UPA—Sun'shighperformance Graphicsconnection
    UPA—Sun’sHighPerformance GraphicsConnection TechnicalWhitePaper 1999 Sun Microsystems, Inc. All rights reserved. Printed in the United States of America. 901 San Antonio Road, Palo Alto, California 94303 U.S.A. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. TRADEMARKS Sun, Sun Microsystems, the Sun logo, Ultra, Sun Elite3D, Sun Enterprise, Java 3D, PGX, Java, SBus, and VIS are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. OpenGL is a registered trademark of Silicon Graphics, Inc. THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS PUBLICATION AT ANY TIME. Please Recycle Contents Introduction. 1 Analyzing System Design and Application Performance. 2 Design Trade-offs . 2 An Overview of the UPA Interconnect . 3 Scalability, High Bandwidth, and Efficiency . 5 The UPA64S Graphics Bus. 6 Characterizing Application Performance and Bus Traffic. 7 UPA64S and Other Graphics Bus Technologies .
    [Show full text]
  • USER MANUAL for USB 2.0 Card Bus Notice
    USER MANUAL for USB 2.0 Card Bus Notice: This manual is designed to provide information about the USB2.0 Card Bus. Every effort has been made to make this manual as accurate as possible, but no warranty or fitness is implied. Information contained in this manual is subject to change without prior notice in order to improve reliability, design or function. The manufacturer will not be held responsible for technical or editorial omissions made herein, nor for the incidental or consequential damages resulting from its furnishing, performance, functionality or use. Subsequent changes to this manual will be incorporated into the next edition. We welcome any suggestion regarding this manual or our computer products. Trademarks All product names or trademarks are property of their respective owners. Overview The CardBus holds a secure place as the preferred high-performance add-in-mechanism for mobile computing platforms today and in the future. CardBus, the 32-bit high performance bus mastering architecture for PC Cards, was standardized by the PCMCIA. The transfer rate is up to 480Mbit/sec, and is very useful for PC Camera, HDD, Printer…etc, and many other devices with USB2.0 interface. Features Compliant with Universal Serial Bus Specification Revision 2.0 (Transfer Rate 1.5/12/480 Mbps) Compliant with Open Host Controller Interface Specification for USB Rev 1.0a Compliant with Enhanced Host Controller Interface Specification for USB Rev 0.95 All downstream facing ports can handle high-speed (480 Mbps), full-speed (12 Mbps), and low-speed (1.5 Mbps) transaction Plug & Play functions Supports 32 bit CardBus PC Card Type II slots Supports Bus Power Operation System Requirements Windows 98/98SE/2000/ME/XP Mac OS 10.1 1 USER MANUAL for USB 2.0 Card Bus Package Contents One USB2.0 CardBus One CD driver with user’s manual Cautions 1.
    [Show full text]
  • Position Paper:Defending Direct Memory Access with CHERI
    Position Paper: Defending Direct Memory Access with CHERI Capabilities A. Theodore Markettos John Baldwin Ruslan Bukin University of Cambridge Ararat River Consulting University of Cambridge [email protected] Peter G. Neumann Simon W. Moore Robert N. M. Watson SRI International University of Cambridge University of Cambridge ABSTRACT We propose new solutions that can efficiently address the problem of malicious memory access from pluggable computer peripherals and microcontrollers embedded within a system-on-chip. This prob- lem represents a serious emerging threat to total-system computer security. Previous work has shown that existing defenses are insuf- ficient and poorly deployed, in part due to performance concerns. In this paper we explore the threat and its implications for system architecture. We propose a range of protection techniques, from lightweight to heavyweight, across different classes of systems. We consider how emerging capability architectures (and specifically the CHERI protection model) can enhance protection and provide Figure 1: A typical computer system contains multiple a convenient bridge to describe interactions among software and components with rights to directly access memory – not hardware components. Finally, we describe how new schemes may only from internal processor cores, but also from peripheral be more efficient than existing defenses. devices. Those which do not have access to DMA typically ACM Reference Format: can intermediate via a host controller that does. A. Theodore Markettos, John Baldwin, Ruslan Bukin, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson. 2020. Position Paper: Defending Direct Memory Access with CHERI Capabilities. In Proceedings of Hardware and Architectural Support for Security and Privacy (HASP’20).
    [Show full text]
  • Safety and Certification Approaches for Ethernet-Based Aviation
    DOT/FAA/AR-05/52 Safety and Certification Office of Aviation Research and Development Approaches for Ethernet-Based Washington, D.C. 20591 Aviation Databuses December 2005 Final Report This document is available to the U.S. public through the National Technical Information Service (NTIS), Springfield, Virginia 22161. U.S. Department of Transportation Federal Aviation Administration NOTICE This document is disseminated under the sponsorship of the U.S. Department of Transportation in the interest of information exchange. The United States Government assumes no liability for the contents or use thereof. The United States Government does not endorse products or manufacturers. Trade or manufacturer’s names appear herein solely because they are considered essential to the objective of this report. This document does not constitute FAA certification policy. Consult your local FAA aircraft certification office as to its use. This report is available at the Federal Aviation Administration William J. Hughes Technical Center’s Full-Text Technical Reports page: actlibrary.tc.faa.gov in Adobe Acrobat portable document format (PDF). Technical Report Documentation Page 1. Report No. 2. Government Accession No. 3. Recipient’s Catalog No. DOT/FAA/AR-05/52 4. Title and Subtitle 5. Report Date December 2005 SAFETY AND CERTIFICATION APPROACHES FOR ETHERNET-BASED 6. Performing Organization Code AVIATION DATABUSES 7. Author(s) 8. Performing Organization Report No. 1 2 2 Yann-Hang Lee , Elliott Rachlin , and Philip A. Scandura, Jr. 9. Performing Organization Name and Address 10. Work Unit No. (TRAIS) 1 2 Arizona State University Honeywell Laboratories th Office of Research and Sponsored Projects 2111 N. 19 Avenue 11.
    [Show full text]
  • Analysis of Mechanisms for TCBE Control of Object Reuse in Clients
    Calhoun: The NPS Institutional Archive Theses and Dissertations Thesis Collection 2000-03 Analysis of mechanisms for TCBE control of object reuse in clients Agacayak, Cihan. Monterey, California. Naval Postgraduate School http://hdl.handle.net/10945/32946 NAVAL POSTGRADUATE SCHOOL Monterey, California THESIS ANALYSIS OF MECHANISMS FOR TCBE CONTROL OF OBJECT REUSE IN CLIENTS by Cihan Agacayak March2000 Thesis Advisor: Cynthia E. Irvine Second Reader: William A. Arbaugh Approved for public release; distribution is unlimited. 20000622 018 -- ------- - ___) REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED March2000 Master's Thesis 4. TITLE AND SUBTITLE 5. FUNDING NUMBERS Analysis of Mechanisms for TCBE Control of Object Reuse in Clients 6. AUTHOR(S) Cihan Agacayak. 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT Naval Postgraduate School NUMBER Monterey, CA 93943-5000 9. SPONSORING I MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING I MONITORING AGENCY REPORT NUMBER 11.
    [Show full text]
  • DMA, System Buses and Peripheral Buses
    EECE 379 : DESIGN OF DIGITAL AND MICROCOMPUTER SYSTEMS 2000/2001 WINTER SESSION, TERM 1 DMA, System Buses and Peripheral Buses Direct Memory Access is a method of transferring data between peripherals and memory without using the CPU. After this lecture you should be able to: identify the advantages and disadvantages of using DMA and programmed I/O, select the most appropriate method for a particular application. System buses are the buses used to interface the CPU with memory and peripherals on separate PC cards. The ISA and PCI buses are used as examples. You should be able to state the most important specifications of both buses. Serial interfaces are typically used to connect computer systems and low-speed external peripherals such as modems and printers. Serial interfaces reduce the cost of interconnecting devices because the bits in a byte are time-multiplexed onto a single wire and connector. After this lecture you should be able to describe the operation and format of data and handshaking signals on an RS-232 interface. Parallel ports are also used to interface the CPU to I/O devices. Two common parallel port standards, the “Centron- ics” parallel printer port and the SCSI interface are described. After this lecture you should be able to design simple input and output I/O ports using address decoders, registers and tri-state buffers. Programmed I/O Approximately how many bus cycles will be required? Programmed I/O (PIO) refers to using input and out- put (or move) instructions to transfer data between Direct Memory Access (DMA) memory and the registers on a peripheral interface.
    [Show full text]