Fritsch, H. (2008):

Analysis and detection of virtualization-based rootkits


With the emergence of hardware virtualization, it was discussed if this technology gives ground for a potentially undetectable form of malware. While several claims have been made, this thesis presents this malware technology's state of the art, describes possible detection methods and demystifies the topic referencing the current literature, analyzing a sample implementation and validating results on a special testing machine. Though the 100\% undetectability claim does not hold due to a variety of attack vectors that have been presented over the last two years, such malware raises the bar for detection, especially since real code detection requires ways to get raw memory access which is only possible by getting even closer to the hardware. With this thesis, a testing framework for detection using side-channel attacks is presented implementing some of the proposed detection methods.




Last Change: Fri, 22 Feb 2019 04:04:26 +0100 - Viewed on: Sat, 11 Jul 2020 22:18:04 +0200
Copyright © MNM-Team http://www.mnm-team.org - Impressum / Legal Info  - Datenschutz / Privacy