EPA-RIMM: Extensible, Performance Aware Runtime Integrity Measurement Management

The goal of this project is to develop a framework for System Management Mode-based continuous integrity checking. We must solve a number of challenges to production-level adoption of SMM-based approaches.

System Management Mode (SMM) is a special x86 processor mode that privileged software such as kernels or hypervisors cannot access or interrupt. Previously, it has been assumed that time spent in SMM would be relatively small and therefore its side effects on privileged software were unimportant; recently, researchers have proposed uses, such as security-related checks, that would greatly increase the amount of runtime spent in this mode.

In initial work we have investigated the performance impacts of time spent in SMM, to characterize the different types of resulting interference.

This material is based upon work supported by the National Science Foundation under Grant No. 1528185. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.