Export to

Google Calendar
iCalendar file
hCalendar markup
<div class="vevent h-event"> <h1 class="summary p-name">Extensible, Performance-Aware, SMM-based Runtime Integrity Measurement</h1> <div class='date'><time class="dtstart dt-start" title="2015-10-20T10:00:00" datetime="2015-10-20T10:00:00">Tuesday, October 20, 2015 from 10</time>–<time class="dtend dt-end" title="2015-10-20T11:00:00" datetime="2015-10-20T11:00:00">11am</time></div> <div class="location vcard p-location h-card"> <a class="url" href='http://calagator.org/venues/202395102'><span class='fn org p-name'>Portland State University - Fourth Avenue Building</span></a> <div class="adr p-adr h-adr"> </div> </div> <div class="description p-description"> <p>Today's complex server platforms include software environments (both kernels and hypervisors) vulnerable to sophisticated malware called rootkits, that specifically target low-level resources such as kernel or hypervisor data structures. These attacks modify sensitive host software and hardware resources that control fundamental operations such as interrupt handling, memory access, and event handlers, resulting in a compromised system. In response to this vulnerability, researchers have developed Runtime Integrity Measurement Mechanisms (RIMMs) that aim to detect rootkits before financial or political damage occurs. One particularly promising approach is to run these rootkit detection checks in System Management Mode (SMM): SMM is a special x86 processor mode that privileged software such as kernel or hypervisor code cannot access; code running in SMM has access to a protected region of memory that cannot be inspected or overwritten by privileged software or applications, providing protection of the RIMM itself. This approach is currently infeasible due to performance constraints; interference with system software may lead to significant perturbation or even failure of the system and application software. In this talk I will describe the performance problems, showing results from our detailed performance study of the impacts of time spent in SMM. In addition, I will introduce our current project to develop a solution that stays within acceptable performance bounds. This talk should be accessible to students who have an understanding of Operating Systems foundations, for example by completing CS333 or CS533.</p> </div> </div>

You can edit, clone, or delete this event.

This item was added directly to Calagator
Friday, October 16, 2015 at 4:57pm and last updated
Monday, October 19, 2015 at 2:11pm.

Extensible, Performance-Aware, SMM-based Runtime Integrity Measurement

Tuesday, October 20, 2015 from 10–11am

Portland State University - Fourth Avenue Building

Speaker - Dr. Karen Karavanic

Room FAB 86-01

Description

Today's complex server platforms include software environments (both kernels and hypervisors) vulnerable to sophisticated malware called rootkits, that specifically target low-level resources such as kernel or hypervisor data structures. These attacks modify sensitive host software and hardware resources that control fundamental operations such as interrupt handling, memory access, and event handlers, resulting in a compromised system. In response to this vulnerability, researchers have developed Runtime Integrity Measurement Mechanisms (RIMMs) that aim to detect rootkits before financial or political damage occurs. One particularly promising approach is to run these rootkit detection checks in System Management Mode (SMM): SMM is a special x86 processor mode that privileged software such as kernel or hypervisor code cannot access; code running in SMM has access to a protected region of memory that cannot be inspected or overwritten by privileged software or applications, providing protection of the RIMM itself. This approach is currently infeasible due to performance constraints; interference with system software may lead to significant perturbation or even failure of the system and application software. In this talk I will describe the performance problems, showing results from our detailed performance study of the impacts of time spent in SMM. In addition, I will introduce our current project to develop a solution that stays within acceptable performance bounds. This talk should be accessible to students who have an understanding of Operating Systems foundations, for example by completing CS333 or CS533.

Export to

Extensible, Performance-Aware, SMM-based Runtime Integrity Measurement

Description

Share