Abstract
With the recent significant advancements in machine learning fields, there has been an increasing focus on the data security and availability of servers, which serve as critical hardware infrastructure supporting AI computations. However, most existing security research has primarily focused on upper layers, attempting to defend against attacks from applications and operating system , thereby neglecting research in firmware and lower-level management modules. Nevertheless, these fields are crucial in constructing a comprehensive security chain. To analyze the security of lower-level management modules, this paper introduces a method for privilege escalation through vulnerabilities in the Baseboard Management Controller (BMC) of the server. The BMC is a critical component responsible for managing and monitoring the hardware of the server. This method allows for bypassing the Kernel Address Space Layout Randomization (KASLR) protection of the Linux kernel and implanting a backdoor into the host operating system, thereby gaining root access to the host. Through this method, we can access server memory data or execute malicious programs arbitrarily without physical contact, and reinstalling the system cannot overwrite the modifications made in the BMC. This poses a significant security threat to servers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Liu, H., Xia, H., Tu, B.: Secure and efficient BMC-based centralized management method for large-scale data centers. In: 2022 IEEE 24th International Conference on High Performance Computing & Communications; 8th International Conference on Data Science & Systems; 20th International Conference On Smart City; 8th International Conference on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), pp. 1328–1335 (2022)
Nadir, I., Mahmood, H., Asadullah, G.: A taxonomy of IoT firmware security and principal firmware analysis techniques. Int. J. Crit. Infrastruct. Prot. 38, 100552 (2022)
Frazelle, J.: Opening up the baseboard management controller. Commun. ACM 63, 38–40 (2020)
Périgaud, F., Gazet, A., Czarny, J.: Subverting your server through its BMC: the HPE iLO4 case. Recon Brussels (2018)
Gazet, A., Périgaud, F., Czarny, J.: HPE iLO 5 security: Go home cryptoprocessor, you’re drunk!
Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: 2013 IEEE Symposium on Security and Privacy, pp. 191–205 (2013)
Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), pp. 1–13 (2016)
Gruss, D., Maurice, C., Fogh, A., Lipp, M., Mangard, S.: Prefetch side-channel attacks: bypassing SMAP and kernel ASLR. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 368–379 (2016)
Chen, Y., Lin, Z., Xing, X.: A systematic study of elastic objects in kernel exploitation. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 1165–1184 (2020)
Koschel, J., Giuffrida, C., Bos, H., Razavi, K.: TagBleed: breaking KASLR on the isolated kernel address space using tagged TLBs. In: 2020 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 309–321 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, Y., Qiu, K., Liu, L., Zhang, Q. (2024). Penetrating Machine Learning Servers via Exploiting BMC Vulnerability. In: Kim, D.D., Chen, C. (eds) Machine Learning for Cyber Security. ML4CS 2023. Lecture Notes in Computer Science, vol 14541. Springer, Singapore. https://doi.org/10.1007/978-981-97-2458-1_11
Download citation
DOI: https://doi.org/10.1007/978-981-97-2458-1_11
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-2457-4
Online ISBN: 978-981-97-2458-1
eBook Packages: Computer ScienceComputer Science (R0)