<p>This talk deals with how to containerize a malicious system mode interrupt handlers on the AMD-V platform so that System Mangement Mode code will not be able to bypass the memory protections added by the virtualization extensions.<br><br>In recent years we've heard about System Management Mode(SMM) Rootkits and seen how they can be used to bypass Intel's Trusted Execution Technology. AMD-V is a different design than the Intel-VX / VT-D. The talk covers the differences, reviews system management mode and the relationship between SMM and Virtualization on the AMD-V platform. After the review, how one installs a SMI handler is covered followed by a discussion of how to construct a hypervisor that can containerize system management interrupt handling code so that it runs inside of a guest virtual machine.</p>
<p>Pete Markowsky has been involved with information security and application development since first working with Northeastern University in 2001. He has worked all over the security industry from .edu to .mil to .com in roles such as development, QA, Security Engineer, Risk Analyst and Security Researcher. Pete is currently supporting Crucial Security / Harris in a number of security research and development projects, including two SBIR efforts involving the implementation of a code slicing engine and hypervisor based process isolation.</p>