SBIR-STTR Award

Kernel-mode Software Protection to Prevent Piracy, Reverse Engineering, and Tampering of End-Node Applications
Award last edited on: 7/8/2010

Sponsored Program
SBIR
Awarding Agency
DOD : OSD
Total Award Amount
$841,098
Award Phase
2
Solicitation Topic Code
OSD06-IA6
Principal Investigator
Gary Grainger

Company Information

Ashton Security Laboratories LLC (AKA: ASL)

12530 Rock Ridge Road
Herndon, VA 20170
   (703) 421-9900
   jdt@ashtonlabs.com
   www.ashtonlabs.com
Location: Single
Congr. District: 11
County: Fairfax

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2007
Phase I Amount
$91,210
We propose to develop a secure niche from which to run integrity management or other OS and application monitoring software on COTS PCs running popular COTS operating systems. The security of the proposed environment will have no dependency on the correct operation of the host operating system. The security model will assume that the operating system and its kernel have been compromised. The design of the secure niche will be capable of being formally modeled, proved, and evaluated under the Common Criteria at a high assurance level. Our approach is to use the Security Management Mode (SMM) that is part of every Pentium processor as the core of the mechanism, using it to implement a new security ring (call it Ring -1) below the Ring 0 kernel. Various payloads can then be run in this niche, such as integrity monitors and virus checkers, to protect the OS and user applications and data from corruption. The secure niche protects the payload so the payload can protect the system.

Keywords:
Integrity Monitoring, Intrusion Detection, Operating System Protection, Sub-Kernel, Ring -1, Security Management Mode (SMM)

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2008
Phase II Amount
$749,888
We propose to further the development of a secure integrity monitor for PCs. Its feasibility was determined in Phase I. It uses the System Management Mode of the Intel Pentium architecture (including compatible chips from AMD) to protect itself from tampering or interference by malicious software that is running in kernel mode, such as root-kits. It uses a statistical approach to malicious software detection that is asymmetrical in that it requires more effort from attackers to counter all of its potential protection mechanisms than it is required to actually execute.

Keywords:
Integrity Monitor, System Management Mode (SMM), Root-Kit, Intrusion Detection, Operating System Protection