SMM-Based Hypervisor Integrity Measurement

Hypervisors play an important role in the virtualised environment and consequently are a prime target for attacks. Different kinds of attacks have been reported and a great deal of research has been done to address vulnerabilities in hypervisors. Recently, after successful defeat of integrity measurement tools, a new class of measurement tools have been developed capitalising on the SMM to measure the integrity of hypervisors and other system components. Although those new tools are successful in their tasks, they do not take full advantage of the main benefits of SMM: isolation and stealth. We argue that this is due to the architecture those tools employ. Thus, in this paper, we establish a set of requirements and propose a generic architecture to build and deploy an SMM-based hypervisor integrity measurement tool. We believe that such an architecture might be applied to any SMM-based tool.