UnivIS
Information system of Friedrich-Alexander-Universität Erlangen-Nürnberg © Config eG

Forensic BMC

Type of thesis:
Project thesis
Supervisor:
Latzo, Tobias
Chair of Computer Science 1 (IT Security Infrastructures)
Phone +49 9131 85 69911, Fax +49 9131 85 69919, E-mail: tobias.latzo@fau.de
Description:
The Baseboard Management Controller (BMC) is a co-processor on server platforms that allows an administrator to maintain the system remotely. No additional software is needed on the target platform for this. Usually, these systems implement the Intelligent Platform Management Interface (IPMI) [1]. The BMC essentially corresponds to the Intel Management Engine (ME) [2] on desktop platforms and can also be referred to as ring -3 [3].
The goal of this work is to bring forensic capabilities to the BMC. The OpenBMC project [4] can be used for this purpose. OpenBMC is an open-source Linux distribution that runs on the BMC. Furthermore, QEMU support is available, which eases debugging. The following features should be implemented:
  • remote acquisition of host memory
  • remote acquisition of the host hard drives
  • code injection into the host
  • etc.

---------
[1] https://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html
[2] https://www.howtogeek.com/334013/intel-management-engine-explained-the-tiny-computer-inside-your-cpu/
[3] https://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf
[4] https://github.com/openbmc/openbmc

Keywords:
Forensics
Status:
The thesis has already been completed.
