Battle of the SKM and IUM - How Windows 10 Rewrites OS Architecture

Explore the radical changes to Windows 10's operating system architecture in this 52-minute Black Hat conference talk. Delve into the introduction of the Viridian Hypervisor Kernel and Virtual Secure Machines (VSMs), which implement a new Secure Kernel Mode (SKM) environment. Learn how this new model creates a paradigm where the NT Kernel runs below the Secure Kernel, and how it enables the creation of Isolated User Mode (IUM) applications. Discover the implications for security, including mitigations against Pass-the-Hash attacks and the limitations placed on even the most privileged attackers. Examine the architectural layers, platform requirements, and key features of this new system, including Hypervisor-based Code Integrity. Gain insights into the SKM function layout, capabilities, and various call types. Understand the process of launching trustlets and the security measures in place. Evaluate the complexity and potential attack surface of the Secure Kernel, and consider the possibilities for compromising or misusing VSMs. Conclude with recommendations and an opportunity for questions about this significant shift in Windows OS design.