- Which OS/platform resources to monitor
- What actions to take when the monitored resource is accessed
A policy can be specified at build time (embedded in the code), at boot time (for example, through a GRUB module), or at runtime (via configfs and a script), and is enforced by a component that runs outside the OS.
| Asset to Monitor | Action | Result |
| --- | --- | --- |
| CR4:SMEP | Skip instruction, log | SMEP bit cannot be modified by the kernel or any kernel-mode component - platform hardening |
| Kernel code pages in memory | On write access, skip instruction | Kernel code pages cannot be modified - kernel immutability |
| Kernel code page mappings | On write access, skip instruction | Kernel code page mappings cannot be modified - kernel page mapping immutability |
Please refer to the overview page for additional details.
CONTACT US
Please contact Zachary Zou (zachary.zou@intel.com) or Kai Wang (kai.z.wang@intel.com).
† Intel® VT-x refers to Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture.