Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode
Ronny Chevalier (1, 2), Maugan Villatel (1), David Plaquin (1), Guillaume Hiet (2) ((1) HP Labs, (2) CIDRE Team, CentraleSupélec, Inria, CNRS, IRISA)

TL;DR
This paper presents a novel behavior monitoring system using an isolated co-processor to detect runtime attacks on firmware, specifically targeting the System Management Mode (SMM), with effective detection and minimal performance overhead.
Contribution
It introduces an event-based monitoring approach that is model-agnostic and applies it to detect SMM attacks, demonstrating effectiveness on open-source firmware and simulated hardware.
Findings
Detects state-of-the-art SMM attacks with no false positives
Operates with less than 150 microseconds overhead
Successfully applied to open-source firmware implementations
Abstract
Highly privileged software, such as firmware, is an attractive target for attackers. Thus, BIOS vendors use cryptographic signatures to ensure firmware integrity at boot time. Nevertheless, such protection does not prevent an attacker from exploiting vulnerabilities at runtime. To detect such attacks, we propose an event-based behavior monitoring approach that relies on an isolated co-processor. We instrument the code executed on the main CPU to send information about its behavior to the monitor. This information helps to resolve the semantic gap issue. Our approach does not depend on a specific model of the behavior nor on a specific target. We apply this approach to detect attacks targeting the System Management Mode (SMM), a highly privileged x86 execution mode executing firmware code at runtime. We model the behavior of SMM using invariants of its control-flow and relevant CPU…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cryptographic Implementations and Security
