Intel® Technology Journal (featuring Intel's recent research and development)
Autonomic Computing
Volume 10, Issue 04, published November 9, 2006
ISSN 1535-864X, DOI: 10.1535/itj.1004.04

Section 3 of 13
Towards autonomic enterprise security: self-defending platforms, distributed detection, and adaptive feedback
Self-defending platforms

Our approach to creating a self-defending platform leverages Intel Virtualization Technology (VT-x) to efficiently enforce memory protections, and Intel Active Management Technology (Intel AMT) [18] to enforce network policies at the end-point. We provide a brief background on VT-x for completeness; a detailed description of the technology can be found in the VT-x specification [1]. In the rest of this section we assume that the reader is familiar with the IA-32 instruction set architecture, the details of which can be found in the referenced Intel specification [2].

The term "virtualization" refers to the technique of partitioning a hardware platform into multiple virtual partitions called Virtual Machines (VMs) and running independent OSs in those partitions. A layer of privileged software called the Virtual Machine Monitor (VMM) provides an abstraction of the hardware to each VM. At a high level, VT-x provides hardware support for virtualizing the CPU and the memory subsystem. By providing this hardware support, VT-x helps simplify VMMs, allowing them to support a wider range of legacy and future OSs without compromising performance or security. One of the key applications of the VMM is to maintain control over the physical memory of the platform. One way the VMM can achieve this on a VT-x CPU is by maintaining a set of parallel page tables for each OS running on the platform. The page tables maintained by the VMM are called the Active Page Tables (APTs). These page tables reference the real physical memory of the platform and are the only ones the processor uses for address translation, so every translation the guest can exercise is one the VMM has approved. Each guest OS maintains its own page tables, called Guest Page Tables (GPTs), which the processor never walks directly. The VMM synchronizes the APTs with the GPTs in software using an algorithm called the Virtual TLB (VTLB) algorithm. The VTLB algorithm behaves similarly to a processor Translation Lookaside Buffer (TLB): APT entries are filled lazily from the GPTs on demand and discarded when the guest signals that its mappings have changed. The algorithm relies on the VMM's ability to trap events such as page faults and the execution of certain instructions (e.g., INVLPG, MOV CR3) that a legacy OS uses to manage virtual memory. A detailed description of this algorithm is out of the scope of this paper; interested readers are referred to [3] for further details.
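The following is an added illustration of the VTLB scheme described above and is not code from the paper or from Intel's VMM. It models, in a deliberately simplified form (a single-level table of eight pages, only the present and read/write bits, no accessed/dirty tracking), how a VMM fills its Active Page Table lazily from the Guest Page Table on a page-fault exit, flushes it on MOV CR3, drops one entry on INVLPG, and, because the CPU walks only the APT, can refuse to ever hand the guest a writable mapping of a frame it wants to protect. All names (`vmm_on_page_fault`, `cpu_access`, the frame layout) are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy shadow-page-table (VTLB) model. The guest edits its own table (GPT);
 * the "CPU" walks only the VMM-owned active table (APT), which the VMM fills
 * on demand, rewriting guest-physical frames to host-physical frames and
 * stripping write permission from frames it protects. Constructed example.
 */
#define NPAGES 8
#define PTE_P   0x1u                       /* present bit, as in an IA-32 PTE */
#define PTE_RW  0x2u                       /* read/write bit */
#define PTE_FRAME(e) ((e) >> 4)            /* frame number kept in the high bits */
#define MK_PTE(frame, flags) (((uint32_t)(frame) << 4) | (flags))

enum access_result { ACCESS_OK, GUEST_FAULT, VMM_DENIED };

typedef struct {
    uint32_t gpt[NPAGES];        /* guest page table: gvpn -> gpfn, owned by the guest OS */
} guest_t;

typedef struct {
    uint32_t gpa_to_hpa[NPAGES]; /* fixed guest-physical -> host-physical frame map */
    bool     protect[NPAGES];    /* host frames the VMM keeps read-only (e.g. kernel text) */
    uint32_t apt[NPAGES];        /* active page table: the only table the CPU walks */
    unsigned shadow_fills;       /* APT entries synthesised from the GPT so far */
} vmm_t;

/* Guest executes MOV CR3: new address space, so the whole shadow is flushed. */
void vmm_on_mov_cr3(vmm_t *v) { memset(v->apt, 0, sizeof v->apt); }

/* Guest executes INVLPG: drop one shadow entry so the next access re-syncs it. */
void vmm_on_invlpg(vmm_t *v, unsigned gvpn) { v->apt[gvpn] = 0; }

/*
 * Page-fault VM exit. Three outcomes: the fault is the guest's own (page not
 * present or not writable in the GPT, so it is reflected back as #PF), the
 * guest's mapping is fine but VMM policy forbids the write, or it was only a
 * shadow miss and the GPT entry is copied into the APT with host frames.
 */
enum access_result vmm_on_page_fault(vmm_t *v, const guest_t *g, unsigned gvpn, bool write)
{
    uint32_t ge = g->gpt[gvpn];
    if (!(ge & PTE_P) || (write && !(ge & PTE_RW)))
        return GUEST_FAULT;                     /* inject #PF into the guest */

    uint32_t hpfn  = v->gpa_to_hpa[PTE_FRAME(ge)];
    uint32_t flags = PTE_P | (ge & PTE_RW);
    if (v->protect[hpfn])
        flags &= ~PTE_RW;                       /* never expose a writable mapping */

    if (write && !(flags & PTE_RW))
        return VMM_DENIED;                      /* guest says RW, policy says RO */

    v->apt[gvpn] = MK_PTE(hpfn, flags);
    v->shadow_fills++;
    return ACCESS_OK;
}

/* Hardware path: walk the APT; on a miss or permission mismatch, trap to the VMM. */
enum access_result cpu_access(vmm_t *v, const guest_t *g, unsigned gvpn, bool write, uint32_t *hpfn_out)
{
    uint32_t ae = v->apt[gvpn];
    if (!(ae & PTE_P) || (write && !(ae & PTE_RW))) {
        enum access_result r = vmm_on_page_fault(v, g, gvpn, write);
        if (r != ACCESS_OK)
            return r;
        ae = v->apt[gvpn];
    }
    if (hpfn_out)
        *hpfn_out = PTE_FRAME(ae);
    return ACCESS_OK;
}

/* Constructed scenario: guest maps page 1 RW onto its frame 3; the VMM backs
 * guest frame 3 with host frame 5 and protects that frame. Returns 1 on success. */
int demo(void)
{
    vmm_t v = {0};
    guest_t g = {0};
    for (unsigned i = 0; i < NPAGES; i++)
        v.gpa_to_hpa[i] = i;                    /* identity except for frame 3 */
    v.gpa_to_hpa[3] = 5;
    v.protect[5] = true;
    g.gpt[1] = MK_PTE(3, PTE_P | PTE_RW);       /* guest believes page 1 is writable */

    uint32_t hpfn = 0;
    int ok = 1;
    ok &= cpu_access(&v, &g, 1, false, &hpfn) == ACCESS_OK && hpfn == 5; /* lazy fill on read */
    ok &= v.shadow_fills == 1;
    ok &= cpu_access(&v, &g, 1, true, NULL) == VMM_DENIED;                /* write blocked by VMM */
    ok &= cpu_access(&v, &g, 2, false, NULL) == GUEST_FAULT;              /* unmapped: guest's #PF */
    vmm_on_invlpg(&v, 1);
    ok &= v.apt[1] == 0;                                                  /* entry dropped */
    return ok;
}

int main(void)
{
    printf("shadow page table demo: %s\n", demo() ? "PASS" : "FAIL");
    return demo() ? 0 : 1;
}
```

The important property for the self-defending platform is in `vmm_on_page_fault`: the guest's own page-table bits are consulted only to decide whether to reflect a fault, while the permission that actually reaches the processor is the VMM's, so a compromised guest kernel that marks protected code writable gains nothing.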
