Overview
Syllabus
Intro
PRESENTATION OVERVIEW
THREE KEY VBS FEATURES BEING INTRODUCED
HOW DOES IT ALL WORK?
SEPARATION OF POWERS
ARCHITECTURAL LAYER OVERVIEW
PLATFORM REQUIREMENTS
HYPERVISOR-BASED CODE INTEGRITY (HVCI)
HARD CODE GUARANTEES
VOCABULARY REVIEW
VSM / HYPERVISOR LAUNCH
SKM LAUNCH
BOOT VSM POLICY
BCD VSM POLICY OPTIONS
HYPERVISOR MSR FILTERING AND NX MMIO
SKM FUNCTION LAYOUT
SKM STRUCTURES
MAILBOXES
SKM CAPABILITIES
STORAGE BLOBS
SECURE MODE CALLS
SECURE MODE SERVICE CALLS
SPECIALIZED SECURE MODE SERVICE CALLS
NORMAL MODE CALLS
NORMAL MODE SERVICE CALLS
UEFI RUNTIME CALLS
CORE IUM-EXPOSED SKM SERVICES
SECURE SYSTEM CALLS
CRYPTO SUBCALLS
SECURE BASE API
IUM SYSTEM CALLS
IUM SYSTEM CALL SECURITY
NORMAL MODE SYSTEM CALL PROXYING
LAUNCHING A TRUSTLET
TRUSTLET CRYPTOGRAPHIC REQUIREMENTS
TRUSTLET INSTANCE GUID
VIRTUAL MACHINE SECURE WORKER PROCESS
LOADING A TRUSTLET
FAKE BASE SERVER CONNECTION
TRUSTLET TO NORMAL WORLD COMMUNICATIONS
TRUSTLET ALPC ENDPOINT CONNECTIONS
CAN WE BUILD OUR OWN TRUSTLETS?
SECURE KERNEL COMPLEXITY / ATTACK SURFACE
COMPROMISING VBS / MISUSING VSM
VSM WITHOUT SECUREBOOT
RECOMMENDATIONS
YOU HAVE QUESTIONS?
Taught by
Black Hat