HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity

Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang (Department of Computer Science, North Carolina State University)
Xiaolan Zhang (IBM T.J. Watson Research Center)
Nathan C. Skalsky (IBM Systems & Technology Group)

2011/3/8, ADL Meeting




  • Slide 1

Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang (Department of Computer Science, North Carolina State University)
Xiaolan Zhang (IBM T.J. Watson Research Center)
Nathan C. Skalsky (IBM Systems & Technology Group)

  • Slide 2

Outline
  - About SMM
  - Introduction and Background
  - Assumptions, Threat Model, and Security Requirements
  - The HyperSentry Framework
  - Verifying the Integrity of the Xen Hypervisor: a Case Study
  - Implementation and Experimental Evaluation
  - Conclusion

  • Slide 3

About SMM - Reference
  - Phrack Magazine:
    - Issue #65: System Management Mode Hack: Using SMM for Other Purposes
    - Issue #66: A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers
  - Duflot, Using CPU System Management Mode to Circumvent Operating System Security Functions
  - Intel Architecture Software Developer's Manuals, Volume 3: System Programming

  • Slide 4

About SMM
  - SMM: System Management Mode [wiki]
  - Intel manuals: The Intel System Management Mode (SMM) is typically used to execute specific routines for power management.
  - SMM operates independently of other system software, and can be used for other purposes too.

  • Slide 5

About SMM

[Figure: processor operating-mode transitions. Modes: Real Address Mode, Protected Mode, Virtual 8086 Mode, SMM Mode. Transition labels: PE = 1; PE = 0 or reset; VM = 1; VM = 0; reset; SMI (interrupt).]