Computer Science Seminar - University of Houston
Computer Science Seminar

Using Hardware Isolated Execution Environments for Securing Systems

When: Monday, April 6, 2015
Where: PGH 232
Time: 11:00 AM - 12:30 PM

Speaker: Fengwei Zhang, George Mason University

Host: Prof. Stephen Huang

With the rapid proliferation of malware attacks on the Internet, malware detection and analysis play a critical role in crafting effective defenses. Advanced malware detection and analysis relies on virtualization and emulation technologies to introspect the malware in an isolated environment and to analyze malicious activities by instrumenting code execution. Virtual Machine Introspection (VMI) systems have been widely adopted for malware detection and analysis. VMI systems use hypervisor technology to create an isolated execution environment for system introspection and to expose malicious activity. However, recent malware can detect the presence of virtualization or corrupt the hypervisor state, and thus avoid detection and debugging. In my talk, I will first introduce tools that use hardware isolated execution environments for attack detection, malware debugging, and executing sensitive operations. These tools leverage System Management Mode (SMM), a special CPU mode in the x86 architecture, as a trusted execution environment. Then, I will focus on two uses of SMM for building defensive tools: one is attack detection that introspects all layers of system software; the other is transparent malware debugging, which achieves a higher level of transparency than state-of-the-art systems. Lastly, I will talk about other hardware isolated execution environments and my future research directions.

Bio:

Fengwei Zhang is a Ph.D. candidate in the Department of Computer Science at George Mason University. He received his M.S. degree from Columbia University in 2010. He also received a dual B.S. degree from North China University of Technology and Southern Polytechnic State University in 2008. He has published papers in top conferences/journals including S&P, NDSS, DSN, ESORICS, and TDSC. His current research focuses on trustworthy execution, memory introspection, system integrity checking, and transparent malware debugging.