论文信息 - IOCheck: A framework to enhance the security of I/O devices at runtime

IOCheck: A framework to enhance the security of I/O devices at runtime

Securing hardware is the foundation for implementing a secure system. However, securing hardware devices remains an open research problem. In this paper, we present IOCheck, a framework to enhance the security of I/O devices at runtime. It leverages System Management Mode (SMM) to quickly check the integrity of I/O configurations and firmware. IOCheck does not rely on the operating system and is OS-agnostic. In our preliminary results, IOCheck takes 4 milliseconds to switch to SMM which introduces low performance overhead.

Fengwei Zhang

[1] Zhi Wang,et al. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity , 2010, CCS '10.

[2] Jiang Wang,et al. Autonomic Recovery: HyperCheck: A Hardware-Assisted Integrity Monitor , 2013 .

[3] Cliff Changchun Zou,et al. SMM rootkit: a new breed of OS independent malware , 2013, Secur. Commun. Networks.

[4] Yves Deswarte,et al. I/O Attacks in Intel PC-based Architectures and Countermeasures , 2011, 2011 First SysSec Workshop.

[5] Angelos Stavrou,et al. SPECTRE: A dependable introspection framework via System Management Mode , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[6] Patrick Stewin,et al. Understanding DMA Malware , 2012, DIMVA.

[7] Yves Deswarte,et al. Exploiting an I/OMMU vulnerability , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[8] Benjamin Morin,et al. What If You Can't Trust Your Network Card? , 2011, RAID.

[9] Cliff Changchun Zou,et al. SMM rootkits: a new breed of OS independent malware , 2008, SecureComm.

[10] K. Chen. Reversing and exploiting an Apple firmware update , 2009 .

[11] Adrian Perrig,et al. VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[12] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.