Presentation is loading. Please wait.

Presentation is loading. Please wait.

V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?"— Presentation transcript:

1 V IRTUALIZATION A TTACKS Undetectable Bluepill

2 V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security? Blue Pill Attacks Conclusion Questions

3 W HAT ’ S V IRTUALIZATION ? Software or Hardware Assisted Emulates guest operating systems or systems Can be used to: Run alternate OS’s Provide a security layer to the main system Ex. Run risky processes in a virtual honeypot Duplicate environments Run servers Etc…

4 W HAT ’ S THE D IFFERENCE ? Emulates Guest Code Binary translation of critical commands Not full virtualization Commonly used VMWare, Parallels, etc. AMD-V / Intel VT-x Code isn’t emulated Allows full virtualization Very efficient code execution Increasingly popular Software VirtualizationHardware Virtualization

5 W HAT ARE THE IMPLICATIONS ? BLUE Pill (© COSEINC Research, Advanced )Malware Labs, 2006)

6 B LUEPILL EXISTS OUTSIDE THE MATRIX … System itself is virtualized Control over ‘interesting’ events Heuristic scans Infected Kernel Detection Etc. Hardware doesn’t need to be virtualized No detectable performance penalty Undetectable?

7 V IRTUALIZATION D ETECTION (R EDPILL ) Code exists claiming to detect Bluepill infections Timing attack based algorithms Register Location Detection (Modified under VM) Only Detects Virtualization, not BluePill Malware!!!! Variety of programs use virtualization = huge number of false positives (not every VM is a bluepill infection) Many Redpill designs are processor model specific, subject to large error rates Inaccurate, difficult to trust!

8 I S THERE ANY GOOD NEWS ? Basic Rootkits / kernel malware are still effective No need to implement high level virtualization attacks Not all public machines are hardware virtualization capable, less reward. Will be most effective with the rise of virtualization implementation (servers, A/V, etc.) which are still a few years out A few years to prepare

9 C ONCLUSION Hardware Virtualization Virtualization Attacks Detection Questions?

Download ppt "V IRTUALIZATION A TTACKS Undetectable Bluepill. V IRTUALIZATION AND ITS A TTACKS What is Virtualization? What makes it possible? How does it affect security?"

Similar presentations

An Overview Of Virtual Machine Architectures Ross Rosemark.

An Overview Of Virtual Machine Architectures Ross Rosemark.
Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008.

Hypervisors and Next Generation Virtualization William Strickland COT4810 Spring 2008 February 7, 2008.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Virtual Machines What Why How Powerpoint?. What is a Virtual Machine? A Piece of software that emulates hardware.  Might emulate the I/O devices  Might.

Virtual Machines What Why How Powerpoint?. What is a Virtual Machine? A Piece of software that emulates hardware.  Might emulate the I/O devices  Might.
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
CS533 Concepts of Operating Systems Class 7 Virtualization and Exokernels.

CS533 Concepts of Operating Systems Class 7 Virtualization and Exokernels.
Network Implementation for Xen and KVM Class project for E6998-01: Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)

Network Implementation for Xen and KVM Class project for E : Network System Design and Implantation 12 Apr 2010 Kangkook Jee (kj2181)
Presented by Boris Yurovitsky

Presented by Boris Yurovitsky
1 Disco: Running Commodity Operating Systems on Scalable Multiprocessors Edouard Bugnion, Scott Devine, and Mendel Rosenblum, Stanford University, 1997.

1 Disco: Running Commodity Operating Systems on Scalable Multiprocessors Edouard Bugnion, Scott Devine, and Mendel Rosenblum, Stanford University, 1997.
CS533 Concepts of Operating Systems Class 15 Virtualization.

CS533 Concepts of Operating Systems Class 15 Virtualization.
SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.

SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Virtualization 101.

Virtualization 101.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
Linux Basics CS 302. Outline  What is Unix?  What is Linux?  Virtual Machine.

Linux Basics CS 302. Outline  What is Unix?  What is Linux?  Virtual Machine.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.

Virtualization Virtualization is the creation of substitutes for real resources – abstraction of real resources Users/Applications are typically unaware.
CS 149: Operating Systems April 21 Class Meeting

CS 149: Operating Systems April 21 Class Meeting

Similar presentations

Ads by Google