On improving cybersecurity through memory isolation using systems management mode

  • James Sutherland

Student thesis: Doctoral Thesis

Abstract

This thesis describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode.


The essence and challenge of modern computer security is to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. If Alice and Bob share a computer, Alice should not be able to access Bob’s passwords or other data; Alice’s web browser should not be able to be tricked into sending email, and viewing a social networking web page in that browser should not allow that page to interact with her online banking service.


The aim of this work is to explore techniques for such isolation and how they can be used usefully on standard PCs. This work focuses on the creation of a small dedicated area to perform cryptographic operations, isolated from the rest of the system. This is a sufficiently useful facility that many modern devices such as smartphones incorporate dedicated hardware for this purpose, but other approaches have advantages which are discussed.


As a case study, this research included the creation of a secure web server whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key. A proof of concept backdoor which captures and exfiltrates encryption keys using a modified processor was also demonstrated.
Date of Award18 Apr 2019
LanguageEnglish
Awarding Institution
  • Abertay University
SupervisorIan Ferguson (Supervisor) & Natalie Coull (Supervisor)

Keywords

  • Enclave
  • SMM
  • Systems management mode
  • Memory protection
  • Isolation
  • Processor

Cite this

On improving cybersecurity through memory isolation using systems management mode
Sutherland, J. (Author). 18 Apr 2019

Student thesis: Doctoral Thesis