DOI: 10.1145/3458903.3458907
Research article, public access

Applying the Principle of Least Privilege to System Management Interrupt Handlers with the Intel SMI Transfer Monitor

Published: 23 October 2021

ABSTRACT

Recent years have seen growing concern over System Management Mode (SMM) and its broad access to platform resources. The SMI Transfer Monitor (STM) is Intel’s most powerful executing CPU context. The STM is a firmware-based hypervisor that applies the principle of least privilege to the powerful System Management Interrupt (SMI) handlers that control runtime firmware. These handlers have traditionally had full access to memory as well as to the register state of applications and kernel code, even when their functionality did not require it. The STM has been enabled for UEFI and, most recently, coreboot firmware, adding protection against runtime SMM-based attacks as well as establishing a firmware-based Trusted Execution Environment (TEE) capability. We provide a detailed overview of the STM architecture, evaluate its protections, and quantify its performance. Our results show that the STM can protect against published SMM vulnerabilities with tolerable performance overheads.


Published in

HASP '20: Hardware and Architectural Support for Security and Privacy, October 2020, 71 pages.
ISBN: 9781450388986
DOI: 10.1145/3458903
Copyright © 2020 ACM
Publisher: Association for Computing Machinery, New York, NY, United States
Published: 23 October 2021
Qualifiers: research article, refereed limited
Overall acceptance rate: 9 of 13 submissions, 69%