Design and Implementation of a Hardware Assisted Security Architecture for Software Integrity Monitoring | IEEE Conference Publication | IEEE Xplore


Abstract:

The increasing complexity of software and hardware layers makes them likely to include vulnerabilities. Recent research has shown that subtle attacks (through compromised peripherals performing DMA attacks, for instance) are able to successfully exploit vulnerabilities in low-level software, even software running in the most privileged mode of the processor. Therefore, the security of such systems should not be based solely on components running on the processor. This paper describes the design and implementation of a security architecture that securely executes integrity checks of any software running on top of it. The architecture is composed of a security hypervisor, running at the most privileged level of the processor, assisted by a trusted hardware component that is autonomous and independent of the processor and that regularly checks the integrity of the security hypervisor itself. The design and implementation of this security architecture, as well as experiments showing the relevance of our approach, are detailed in this paper.
Date of Conference: 18-20 November 2015
Date Added to IEEE Xplore: 07 January 2016
Conference Location: Zhangjiajie, China

I. Introduction

Nowadays, computer systems are required to execute more and more functionalities. This trend is confirmed by the existence of increasingly complex operating systems and virtual machine managers. Current operating systems are able to execute many software components in parallel, and virtual machine managers are able to virtualize the hardware in order to facilitate the coexistence of different operating systems. Execution of these software components is supported by hardware platforms. A large part of today's hardware platforms use x86 processors and the PCI Express bus to interconnect their components. These architectures are complex and evolve quickly. The hardware platform is configured at boot time by low-level software located on the mainboard, the so-called BIOS (Basic Input/Output System). After configuring the hardware platform, the BIOS hands over to the kernel of the operating system or to the virtual machine manager. The purpose of the kernel and of the virtual machine manager is to share and abstract hardware resources between user processes or virtual machines. A virtual machine starts its execution in the same way as a physical one, so an architecture designed with a virtual machine manager is slightly more complex. The software components running on top of the operating system have to rely on the hardware and software stack on which they are executed. This stack organization also reflects the privileges that each component of a layer possesses.