Battle of the SKM and IUM - How Windows 10 Rewrites OS Architecture

Offered By: Black Hat via YouTube

Course Description

Overview

Explore the radical changes to Windows 10's operating system architecture in this 52-minute Black Hat conference talk. Delve into the introduction of the Viridian (Hyper-V) hypervisor and Virtual Secure Mode (VSM), which together implement a new Secure Kernel Mode (SKM) environment. Learn how this model places the NT kernel at a lower trust level than the Secure Kernel, so that even normal-world kernel mode cannot read or modify secure-world memory, and how it enables Isolated User Mode (IUM) applications, known as trustlets. Discover the implications for security, including the mitigation of Pass-the-Hash attacks by isolating credentials from the normal-world kernel, and the limits placed on attackers who already hold ring 0 in the normal world. Examine the architectural layers, platform requirements, and key features of this new system, including Hypervisor-based Code Integrity (HVCI). Gain insights into the SKM function layout, its capabilities, and the various call types between the normal and secure worlds. Understand how trustlets are launched and the security measures that protect them. Evaluate the complexity and attack surface of the Secure Kernel, and consider the possibilities for compromising VBS or misusing VSM, including running VSM without Secure Boot. Conclude with recommendations and a question-and-answer session on this significant shift in Windows OS design.

Syllabus

Intro
PRESENTATION OVERVIEW
THREE KEY VBS FEATURES BEING INTRODUCED
HOW DOES IT ALL WORK?
SEPARATION OF POWERS
ARCHITECTURAL LAYER OVERVIEW
PLATFORM REQUIREMENTS
HYPERVISOR-BASED CODE INTEGRITY (HVCI)
HARD CODE GUARANTEES
VOCABULARY REVIEW
VSM / HYPERVISOR LAUNCH
SKM LAUNCH
BOOT VSM POLICY
BCD VSM POLICY OPTIONS
HYPERVISOR MSR FILTERING AND NX MMIO
SKM FUNCTION LAYOUT
SKM STRUCTURES
MAILBOXES
SKM CAPABILITIES
STORAGE BLOBS
SECURE MODE CALLS
SECURE MODE SERVICE CALLS
SPECIALIZED SECURE MODE SERVICE CALLS
NORMAL MODE CALLS
NORMAL MODE SERVICE CALLS
UEFI RUNTIME CALLS
CORE IUM-EXPOSED SKM SERVICES
SECURE SYSTEM CALLS
CRYPTO SUBCALLS
SECURE BASE API
IUM SYSTEM CALLS
IUM SYSTEM CALL SECURITY
NORMAL MODE SYSTEM CALL PROXYING
LAUNCHING A TRUSTLET
TRUSTLET CRYPTOGRAPHIC REQUIREMENTS
TRUSTLET INSTANCE GUID
VIRTUAL MACHINE SECURE WORKER PROCESS
LOADING A TRUSTLET
FAKE BASE SERVER CONNECTION
TRUSTLET TO NORMAL WORLD COMMUNICATIONS
TRUSTLET ALPC ENDPOINT CONNECTIONS
CAN WE BUILD OUR OWN TRUSTLETS?
SECURE KERNEL COMPLEXITY / ATTACK SURFACE
COMPROMISING VBS / MISUSING VSM
VSM WITHOUT SECUREBOOT
RECOMMENDATIONS
YOU HAVE QUESTIONS?
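The script below is an added example and is not code from the talk or from this page. It reports the VBS state of the host it runs on, which is the first thing a practitioner wants before reasoning about the "VSM / hypervisor launch", "BCD VSM policy options" and "VSM without SecureBoot" sections above: whether the hypervisor and Secure Kernel are actually running, which services (Credential Guard, HVCI) they host, and whether the policy requires Secure Boot. It reads the documented Win32_DeviceGuard WMI class and the DeviceGuard registry policy; the function name Get-VbsStatus, the decoding tables beyond the values Microsoft documents, and the warning text are assumptions of this example.

```powershell
# Added example, not code from the talk: summarize the VBS / Secure Kernel state of this host.
# Run from an elevated PowerShell prompt on Windows 10 or later.

function Get-VbsStatus {
    # Runtime view: the Win32_DeviceGuard WMI class reports what the hypervisor and
    # Secure Kernel are actually doing, independent of what the policy asks for.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Documented encodings of the properties read below.
    $vbsStatus = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'running' }
    $services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
    $platform  = @{ 1 = 'base virtualization support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

    # Helper (assumption of this example): turn an array of property codes into readable text.
    $decode = {
        param($values, $table)
        if (-not $values) { return '(none)' }
        ($values | ForEach-Object {
            if ($table.ContainsKey([int]$_)) { $table[[int]$_] } else { "property $_" }
        }) -join ', '
    }

    # Configured view: the policy the boot loader reads from the registry. VBS is only as
    # strong as the platform features the policy *requires*: if Secure Boot is not required,
    # nothing verifies the boot chain that launches the hypervisor and the Secure Kernel
    # (the talk's "VSM without SecureBoot" case). The hypervisor launch itself is controlled
    # by the BCD element hypervisorlaunchtype (see: bcdedit /enum {current}).
    $policy = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsStatus                   = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured          = & $decode $dg.SecurityServicesConfigured $services
        ServicesRunning             = & $decode $dg.SecurityServicesRunning    $services
        PlatformPropertiesRequired  = & $decode $dg.RequiredSecurityProperties  $platform
        PlatformPropertiesAvailable = & $decode $dg.AvailableSecurityProperties $platform
        PolicyEnableVbs             = $policy.EnableVirtualizationBasedSecurity
        # Documented values: 1 = require Secure Boot, 3 = require Secure Boot and DMA protection
        PolicyRequirePlatformSecurityFeatures = $policy.RequirePlatformSecurityFeatures
        SecureBootRequired          = [bool]($dg.RequiredSecurityProperties -contains 2)
    }
}

$status = Get-VbsStatus
$status | Format-List

if ($status.VbsStatus -eq 'running' -and -not $status.SecureBootRequired) {
    Write-Warning 'VBS is running but the policy does not require Secure Boot: the boot chain that launches the hypervisor and Secure Kernel is unverified.'
}
```

On a host with Credential Guard and HVCI both active, ServicesRunning lists both and VbsStatus is "running"; a host where the policy is set but the platform lacks a required feature shows "enabled but not running", which is the state to look for when a configured mitigation is silently absent.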


Taught by

Black Hat
