The goal of this project is to develop a framework for System Management Mode-based continuous integrity checking. We must solve a number of challenges to production-level adoption of SMM-based approaches.

System Management Mode (SMM) is a special x86 processor mode that privileged software such as kernels or hypervisors cannot access or interrupt. Previously, it has been assumed that time spent in SMM would be relatively small and therefore its side effects on privileged software were unimportant; recently, researchers have proposed uses, such as security-related checks, that would greatly increase the amount of runtime spent in this mode.

In initial work we have investigated the performance impacts of time spent in SMM, to characterize the different types of resulting interference.

This material is based upon work supported by the National Science Foundation under Grant No. 1528185. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

Recent Talks
• Brian Delgado, "Applying the Principle of Least Privilege to System Management Interrupt Handlers with the Intel SMI Transfer Monitor" at Hardware and Architectural Support for Security and Privacy (HASP) October 2020
• Brian Delgado, "EPA-RIMM : An Efficient, Performance-Aware Runtime Integrity Measurement Mechanism for Modern Server Platforms" at DSN 2019, Portland OR June 27, 2019.
• Brian Delgado, "EPA-RIMM: A Framework for Dynamic SMM-based Runtime Integrity Measurement", Platform Security Summit 2018

Technical Reports
• Brian Delgado, Karen L. Karavanic, "EPA-RIMM: A Framework for Dynamic SMM-based Runtime Integrity Measurement" Technical Report, arxiv 1805.03755, available at https://arxiv.org/abs/1805.03755
• Tejaswini Vibhute, "EPA-RIMM-V: Efficient Rootkit Detection for Virtualized Environments (masters thesis) Portland State University 2018

Publications
• Brian Delgado, Tejaswini Vibhute, and Karen L. Karavanic, "Applying the Principle of Least Privilege to System Management Interrupt Handlers with the Intel SMI Transfer Monitor." Hardware and Architectural Support for Security and Privacy (HASP) 2020, Portland, Oregon October 17, 2020.
• Brian Delgado, John Fastabend, Tejaswini Vibhute, Karen L. Karavanic, "EPA-RIMM : An Efficient, Performance-Aware Runtime Integrity Measurement Mechanism for Modern Server Platforms" 2019 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2019), June 2019, Portland OR.
• [Research Poster] Brian Delgado and Karen L. Karavanic, "EPA-RIMM: Extensible, Performance-Aware SMM Runtime Integrity Measurement" 25th USENIX Security Symposium, August 10-12, 2016, Austin TX.
• Konstantin Macarenco, Kristina Frye, Benjamin Hamlin, and Karen L. Karavanic, "The Effects of System Management Interrupts on Multithreaded, Hyper-Threaded, and MPI Applications" Sixth International Workshop on Parallel Software Tools and Tool Infrastructures (PSTI 2016).
• Brian Delgado and Karen L. Karavanic, "Performance Implications of System Management Mode," The 2013 IEEE International Symposium on Workload Characterization (IISWC), September 22-24, Portland, OR USA. (preprint)

Code Releases
• Xen Patches for STM
• EPA software stack

Current Students
• Ph.D.: John Fastabend
• M.S.: Alexander Freed

Project Alums
• Dylan Abraham, Brian Delgado, Will Huiras, Payal Joshi, Tejaswini Vibhute(Intel), Cody Shepherd, Andy Wood, Konstantin Macarenco, Mitch Souders