Abstract

Continuous runtime integrity measurement mechanisms (RIMMs) can be used for timely detection of kernel and hypervisor rootkits. Researchers have proposed running RIMMs in privileged execution environments, such as the x86 architecture’s System Management Mode (SMM), to detect interference from rootkits that have gained control of the host operating system. However, the extended time that inspections require in SMM can severely disrupt the host. A previously proposed RIMM design called EPA-RIMM addresses this by decomposing long inspections across multiple System Management Interrupts (SMIs), the interrupts used to invoke SMM.
