An analysis of hardware-assisted virtual machine based rootkits
Fannon, Robert C.
The use of virtual machine (VM) technology has expanded rapidly since AMD and Intel implemented hardware-assisted virtualization in their respective x86 architectures. These new capabilities have resulted in a corresponding expansion of security challenges. Hardware-Assisted VM (HVM) rootkits have become a credible threat because of these new virtualization technologies and have provided an added vector with which root access can be exploited by malicious actors. An HVM rootkit covertly subverts an Operating System (OS) running on a general-purpose x86-based processor and migrates that OS into a VM under the control of a malicious hypervisor. This results in the hypervisor possessing an effective privilege level of ring -0, a higher privilege level than ring 0, which the target OS possesses in either its non-virtualized or virtualized state. The only known successful HVM rootkits are Blue Pill and Vitriol. This thesis analyzes and compares the source code for both AMD-V and Intel VT-x implementations of Blue Pill to identify commonalities in the respective versions' attack methodologies from both a functional and technical perspective. Findings conclude that their functional implementations are nearly identical, but their technical implementations are very different, primarily because of differences in the AMD-V and Intel VT-x specifications.
Approved for public release; distribution is unlimited