**Special Time and Location** Extensible, Performance-Aware, SMM-based Runtime Integrity Measurement
Speaker: Karen Karavanic, Portland State University
Location: Warren Weaver Hall 102
Date: December 8, 2016, 12:30 p.m.
Host: Mohamed Zahran
Today’s complex cloud and data-center server platforms include software environments (both kernels and hypervisors) vulnerable to sophisticated malware called rootkits, that specifically target low-level resources such as kernel or hypervisor data structures. These attacks modify sensitive host software and hardware resources that control fundamental operations such as interrupt handling, memory access, and event handlers, resulting in a compromised system. In response to this vulnerability, researchers have developed Runtime Integrity Measurement Mechanisms (RIMMs) that aim to detect rootkits before financial or political damage occurs. One particularly promising approach is to run these rootkit detection checks in System Management Mode (SMM): SMM is a special x86 processor mode that privileged software such as kernel or hypervisor code cannot access; code running in SMM has access to a protected region of memory that cannot be inspected or overwritten by privileged software or applications, providing protection of the RIMM itself. This approach is currently infeasible due to performance constraints; interference with system software may lead to significant perturbation or even failure of the system and application software. In this talk I will describe the performance problems, showing results from our detailed performance study of the impacts of time spent in SMM, and provide a sketch of our work-in-progress to develop a solution that stays within acceptable performance bounds.
Karen Karavanic is an Associate Professor of Computer Science at Portland State University. Her research interests center around environment-aware runtime measurement and performance/security diagnosis of large scale systems, including all levels of the software stack, the underlying hardware platform, and the surrounding data center environment. Dr. Karavanic received her Ph.D. from the University of Wisconsin – Madison, where she was a member of the Paradyn Parallel Performance Tool Research group, a WARF Fellow, and a NASA GSRP Fellow. She earned her B.A. in Computer Science from New York University.
Refreshments will be offered starting 15 minutes prior to the scheduled start of the talk.