To guarantee the network computing system security, the effective method is illegal or malicious software detection. Most of the former researches implement it on OS kernel or hypervisor level. However, if the system is attacked by the ring 0 or ring 1 level risks, the OS kernel or hypervisor is unable to provide the trusted base, which may cause an incorrect result. To solve the shortcomings, we choose the System Management Mode (SMM) to build a trusted execution environment. The SMM is a special cpu mode in the x86 architecture, which could create a security and isolated area on firmware level for malicious attacks detection. In this paper, we remotely interrupt the local system, and design a secure module in SMM to obtain messages from registers and physical memory space. Those messages are used to back analyze the software executing code segment for further information comparing. Beside the local detection, we use remote attestation approach for verifying the secure module. Our approach resists the attack surface under the OS level, and advances state-of-the-art detecting transparently. Furthermore, the analysis process could implement in the server to reduce the overheads on the client platform.
CITATION STYLE
Zhou, L., Shu, Y., & Wang, G. (2016). A software detection mechanism based on smm in network computing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10067 LNCS, pp. 134–143). Springer Verlag. https://doi.org/10.1007/978-3-319-49145-5_14
Mendeley helps you to discover research relevant for your work.