GssmPlugin

GssmPlugin.dll is a session-integrity guard plugin. Its core job is to enforce mandatory-plugin presence on MessageBus during active sessions and escalate when plugin topology becomes unsafe.

File Info

Property	Value
File	`GssmPlugin.dll`
Size	22,280,736 bytes
Architecture	x64 (AMD64)
Build PDB Path	`C:\builds\gfn\security\gcis\out\x86_64-windows-release\GssmPlugin\GssmPlugin.pdb`
Export	`NvPluginGetInfo`

Core Responsibilities

Track required plugin peers on MessageBus after session activation.
Detect late joins/early leaves of mandatory plugins.
Consume process-event telemetry and apply integrity/anomaly policy.
Feed violation decisions into session termination paths.

Observed Internal Components

GssmConfig
PerfMetricCollector
GssmServiceAPI.Event.ProcessEvent
MessageBus lifecycle handlers: WaitForTasToJoinBus, JoinBus, OnPeerJoined

Runtime Flow

1) Initialization

Parses GSSM config and required plugin policy.
Joins MessageBus and waits for prerequisite peers/config provider.
Starts collector/metric tasks where enabled.

Evidence:

Joining MessageBus using config file
Waiting for GSConfigurator to join the message bus
GSEC_GSSM_Error_NoConfigReceivedError

2) Session Activation Guard

At activation boundary, records which plugins are mandatory.
Continuously watches join/leave events for those peers.
Raises high-severity events on topology violations.

Critical indicators:

GSEC_GSSM_Error_MandatoryPluginsJoinedMessageBusAfterSessionActivation
GSEC_GSSM_Error_MandatoryPluginsLeftMessageBusAfterSessionActivation

3) Process/Event Integrity Monitoring

Consumes process-event payloads through GssmServiceAPI.Event.ProcessEvent.
Uses fields:
- processPath
- parentProcessPath
- user
- digitalSignature
Correlates with integrity rules and optional metrics/anomaly collectors.

4) Enforcement and Teardown

Emits integrity/anomaly errors and requests termination when policy requires.
Handles controlled shutdown and collector teardown.

Proto/Message Surface

Artifact	Purpose
`GssmServiceApiDef.proto`	GSSM service event schema
`GssmServiceAPI.Event.ProcessEvent`	Process metadata and signature/event payloads

Error and Warning Families

GSSM-Specific

GSEC_GSSM_Warning_ServiceDisarmed
GSEC_GSSM_Warning_ModuleDisabled
GSEC_GSSM_Error_ConfigError
GSEC_GSSM_Error_ManifestError
GSEC_GSSM_Error_ModelDownloadError
GSEC_GSSM_Error_GetGpuMetricsFailed
GSEC_GSSM_Error_UnableToInitializeCollector
GSEC_GSSM_Error_IntegrityViolationDetected
GSEC_GSSM_Error_SessionAnomalyDetected

Shared

GSEC_Common_* and UnifiedErrorCode infrastructure

Practical Interpretation

GssmPlugin acts like a runtime "guard rail" for GCIS plugin topology:

Mandatory plugin not present when expected: unsafe state.
Mandatory plugin disappears mid-session: likely tamper/crash/high-risk state.
Late plugin join after activation: unexpected topology change.

All three conditions can trigger hard enforcement.

Operational Debug Checklist

Validate GSSM config delivery at startup.
Confirm bus peer graph is stable before and after session activation.
Inspect process-event signature fields when integrity violations appear.
Distinguish module-disabled/service-disarmed warnings from true integrity failures.

GssmPlugin ​

File Info ​

Core Responsibilities ​

Observed Internal Components ​

Runtime Flow ​

1) Initialization ​

2) Session Activation Guard ​

3) Process/Event Integrity Monitoring ​

4) Enforcement and Teardown ​

Proto/Message Surface ​

Error and Warning Families ​

GSSM-Specific ​

Shared ​

Practical Interpretation ​

Operational Debug Checklist ​