Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792661
Title: On using the system management mode for security purposes
Author: Rodrigues De Souza, William Augusto
ISNI:       0000 0004 8499 4902
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2017
Availability of Full Text:
Access from EThOS:
Access from Institution:
Abstract:
Computer systems are by design insecure and therefore are many security issues around them. So, security practitioners are always trying to enhance security and performing verification tasks to minimise the risk of potential threats become successful attacks. These tasks are usually performed by security tools. Thus concepts as: isolation, privilege and view are important in the context of computer systems. Security tools must have good isolation, privilege and view of the system. Then, security tools must operate isolated, have high privilege and must have a global view of the system, but also good ability to view and act timely in its own environment to enhance the chances of success when performing their tasks and for not being hit by the problems they are trying to solve. In this context, this research investigates the System Management Mode (SMM) in the context of Intel processors, current security tools capitalising on SMM and attacks and misuses of SMM to establish a set of requirements and then design a generic architecture for SMM-based security tools. That generic architecture is tested by building a proof of concept to measure the integrity of a file of the Xen hypervisor. This measurement is limited to the minimum necessary to prove the concept of the architecture. The problem context addressed is a cloud computing environment, comprising of one or more machines (chipsets). Each chipset hosts in its main memory (DRAM) a virtualised environment comprising of one manager virtual machine, one or more guest virtual machines and a hypervisor. We address our research investigation in two levels: the vertical and the horizontal security level. The vertical security level puts the problem in context, relating it to security issues on: cloud, chipset, memory, virtualisation layer and cache memory. The horizontal security level considers the research problem in its environment, relating it to security issues on components of the bootup process and the processor, such as: Intel VMX, TXT and SGX, BIOS and so on. First, we investigate the SMM, its resources and components. Then, we analyse SMM-based security tools and the opportunities to improve them. We also analyse SMM attacks and how to thwart them. From the acquired knowledge, we establish a set of requirements to use SMM for security purposes. Having the requirements, we design a generic architecture for SMM-based security tools. To test the architecture, we build a proof of concept comprising of a module to probe chipsets and a SMM-based hypervisor integrity measurement tool. The implementation of that architecture was done in a proof of concept designed to have two modules: a manager and an agent. The manager module is used for learning about and researching on the target machine, as for probing, setting and clearing registers related to SMM. The manager can be used in the target machine or in a machine with the same chipset of the target machine. So, it can be deployed in main memory. The agent basically comprises of two parts: a basic code embodying management functions and a payload, where the security functions are implemented. So the use of a payload is what makes the architecture generic since any security task might be implemented and added in the agent by changing the payload. We conclude that any security tool can capitalising on SMM resources provided that it meets the set of requirements established in this research: small, fast, persistent, cooperative, isolated, resistant, complete and SMI-independent (meaning that it can be started by any System management interruption, which occur in the chipset); and stick to the proposed generic architecture.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.792661  DOI: Not available
Share: