True IOMMU Protection from DMA Attacks When Copy is Faster than Zero Copy 20

True IOMMU Protection from DMA Attacks: When Copy is Faster than Zero CopyAlex Markuze Adam Morrison Dan Tsafrir Computer Science DepartmentTechnion—Israel Institute of TechnologyAbstract Malicious I/O devices might compromise the OS using DMAs. The OS therefore utilizes the IOMMU to map and unmap every target buffer right before and after its DMA is processed, thereby restricting DMAs to their designated locations. This usage model, however, is not truly secure for two reasons: (1) it provides