{"id":"https://openalex.org/W1968549720","doi":"https://doi.org/10.1145/2523649.2523661","title":"Implementation and implications of a stealth hard-drive backdoor","display_name":"Implementation and implications of a stealth hard-drive backdoor","publication_year":2013,"publication_date":"2013-12-09","ids":{"openalex":"https://openalex.org/W1968549720","doi":"https://doi.org/10.1145/2523649.2523661","mag":"1968549720"},"language":"en","primary_location":{"id":"doi:10.1145/2523649.2523661","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523661","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058575892","display_name":"Jonas Zaddach","orcid":null},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Jonas Zaddach","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France","EURECOM Sophia Antipolis, France#TAB#"],"affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM Sophia Antipolis, France#TAB#","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012013613","display_name":"Anil Kurmus","orcid":null},"institutions":[{"id":"https://openalex.org/I4210126328","display_name":"IBM Research - Zurich","ror":"https://ror.org/02js37d36","country_code":"CH","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210126328"]},{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["CH","US"],"is_corresponding":false,"raw_author_name":"Anil Kurmus","raw_affiliation_strings":["IBM Research - Zurich, Switzerland","IBM Research-Zurich, Switzerland#TAB#"],"affiliations":[{"raw_affiliation_string":"IBM Research - Zurich, Switzerland","institution_ids":["https://openalex.org/I4210126328"]},{"raw_affiliation_string":"IBM Research-Zurich, Switzerland#TAB#","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France","EURECOM Sophia Antipolis, France#TAB#"],"affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM Sophia Antipolis, France#TAB#","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045932031","display_name":"Erik-Oliver Bla\u00df","orcid":"https://orcid.org/0009-0008-2791-1564"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Erik-Oliver Blass","raw_affiliation_strings":["Northeastern University, Boston, MA","Northeastern University, Boston (MA)#TAB#"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University, Boston (MA)#TAB#","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009355477","display_name":"Aur\u00e9lien Francillon","orcid":"https://orcid.org/0000-0003-0584-8732"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Aur\u00e9lien Francillon","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France","EURECOM Sophia Antipolis, France#TAB#"],"affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]},{"raw_affiliation_string":"EURECOM Sophia Antipolis, France#TAB#","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045625335","display_name":"Travis Goodspeed","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Travis Goodspeed","raw_affiliation_strings":["travis@radiantmachines.com"],"affiliations":[{"raw_affiliation_string":"travis@radiantmachines.com","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052870617","display_name":"Moitrayee Gupta","orcid":null},"institutions":[{"id":"https://openalex.org/I36258959","display_name":"University of California San Diego","ror":"https://ror.org/0168r3w48","country_code":"US","type":"education","lineage":["https://openalex.org/I36258959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moitrayee Gupta","raw_affiliation_strings":["UCSD, La Jolla, CA","UCSD La Jolla, CA#TAB#"],"affiliations":[{"raw_affiliation_string":"UCSD, La Jolla, CA","institution_ids":["https://openalex.org/I36258959"]},{"raw_affiliation_string":"UCSD La Jolla, CA#TAB#","institution_ids":["https://openalex.org/I36258959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058886808","display_name":"Ioannis Koltsidas","orcid":null},"institutions":[{"id":"https://openalex.org/I4210126328","display_name":"IBM Research - Zurich","ror":"https://ror.org/02js37d36","country_code":"CH","type":"facility","lineage":["https://openalex.org/I1341412227","https://openalex.org/I4210114115","https://openalex.org/I4210126328"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Ioannis Koltsidas","raw_affiliation_strings":["IBM Research - Zurich, R\u00fcschlikon, Switzerland"],"affiliations":[{"raw_affiliation_string":"IBM Research - Zurich, R\u00fcschlikon, Switzerland","institution_ids":["https://openalex.org/I4210126328"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5058575892"],"corresponding_institution_ids":["https://openalex.org/I1902872"],"apc_list":null,"apc_paid":null,"fwci":8.4604,"has_fulltext":false,"cited_by_count":60,"citation_normalized_percentile":{"value":0.97315574,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"279","last_page":"288"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.7974110841751099},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7896921038627625},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.7593395709991455},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.6442004442214966},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.601071834564209},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5838286280632019},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5314927101135254},{"id":"https://openalex.org/keywords/file-server","display_name":"File server","score":0.525558590888977},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5139982104301453},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4959124028682709},{"id":"https://openalex.org/keywords/raid","display_name":"RAID","score":0.4354185163974762},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.4307451844215393},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.42746955156326294},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.376431941986084}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.7974110841751099},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7896921038627625},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.7593395709991455},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.6442004442214966},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.601071834564209},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5838286280632019},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5314927101135254},{"id":"https://openalex.org/C4373008","wikidata":"https://www.wikidata.org/wiki/Q513349","display_name":"File server","level":2,"score":0.525558590888977},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5139982104301453},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4959124028682709},{"id":"https://openalex.org/C133320665","wikidata":"https://www.wikidata.org/wiki/Q179299","display_name":"RAID","level":2,"score":0.4354185163974762},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.4307451844215393},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.42746955156326294},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.376431941986084},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2523649.2523661","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2523649.2523661","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 29th Annual Computer Security Applications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1320126135","display_name":null,"funder_award_id":"257007","funder_id":"https://openalex.org/F4320334960","funder_display_name":"Seventh Framework Programme"},{"id":"https://openalex.org/G4301148137","display_name":null,"funder_award_id":"1218197","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320334960","display_name":"Seventh Framework Programme","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":18,"referenced_works":["https://openalex.org/W161166442","https://openalex.org/W1541663547","https://openalex.org/W1556296739","https://openalex.org/W1618232605","https://openalex.org/W1986468587","https://openalex.org/W2021362805","https://openalex.org/W2058148176","https://openalex.org/W2122097147","https://openalex.org/W2135324748","https://openalex.org/W2169633417","https://openalex.org/W2170267084","https://openalex.org/W2350778671","https://openalex.org/W2397035252","https://openalex.org/W2406734572","https://openalex.org/W4299301436","https://openalex.org/W6632480037","https://openalex.org/W6633306432","https://openalex.org/W6680244492"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W2901970221","https://openalex.org/W3003734211","https://openalex.org/W2538659495","https://openalex.org/W4246450596"],"abstract_inverted_index":{"Modern":[0],"workstations":[1],"and":[2,53,122,162,225],"servers":[3],"implicitly":[4],"trust":[5],"hard":[6,25,45],"disks":[7,26],"to":[8,37,50,119,123,136,206],"act":[9],"as":[10,180],"well-behaved":[11],"block":[12,163],"devices.":[13],"This":[14,192],"paper":[15,193],"analyzes":[16],"the":[17,39,71,87,134,144,152,196,207,217],"catastrophic":[18],"loss":[19],"of":[20,41,86,198,209,219],"security":[21],"that":[22,33,66,105,141,195],"occurs":[23],"when":[24],"are":[27,75],"not":[28,204],"trustworthy.":[29],"First,":[30],"we":[31,61],"show":[32],"it":[34,213],"is":[35,91,131,203,214],"possible":[36],"compromise":[38],"firmware":[40],"a":[42,58,63,78,97,106,112,116,183,190],"commercial":[43],"off-the-shelf":[44],"drive,":[46],"by":[47],"resorting":[48],"only":[49],"public":[51],"information":[52],"reverse":[54],"engineering.":[55],"Using":[56],"such":[57,179,200],"compromised":[59,88,117,145],"firmware,":[60],"present":[62],"stealth":[64],"rootkit":[65],"replaces":[67],"arbitrary":[68],"blocks":[69],"from":[70],"disk":[72,89,100,118],"while":[73],"they":[74],"written,":[76],"providing":[77],"data":[79,178],"replacement":[80],"back-door.":[81],"The":[82],"measured":[83],"performance":[84],"overhead":[85],"drive":[90,146],"less":[92,188],"than":[93,189],"1%":[94],"compared":[95],"with":[96,115],"normal,":[98],"non-malicious":[99],"drive.":[101],"We":[102],"then":[103],"demonstrate":[104],"remote":[107],"attacker":[108],"can":[109],"even":[110],"establish":[111],"communication":[113],"channel":[114,130],"infiltrate":[120],"commands":[121],"ex-filtrate":[124],"data.":[125],"In":[126],"our":[127],"example,":[128],"this":[129],"established":[132],"over":[133],"Internet":[135],"an":[137,170,201],"unmodified":[138],"web":[139],"server":[140],"relies":[142],"on":[143],"for":[147],"its":[148],"storage,":[149],"passing":[150],"through":[151],"original":[153],"webserver,":[154],"database":[155,157],"server,":[156],"storage":[158],"engine,":[159],"filesystem":[160],"driver,":[161],"device":[164],"driver.":[165],"Additional":[166],"experiments,":[167],"performed":[168],"in":[169,187],"emulated":[171],"disk-drive":[172],"environment,":[173],"could":[174],"automatically":[175],"extract":[176],"sensitive":[177],"/etc/shadow":[181],"(or":[182],"secret":[184],"key":[185],"file)":[186],"minute.":[191],"claims":[194],"difficulty":[197],"implementing":[199],"attack":[202],"limited":[205],"area":[208],"government":[210],"cyber-warfare;":[211],"rather,":[212],"well":[215],"within":[216],"reach":[218],"moderately":[220],"funded":[221],"criminals,":[222],"botnet":[223],"herders":[224],"academic":[226],"researchers.":[227]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":6},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":11},{"year":2016,"cited_by_count":8},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":5}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}