Hypervisors: Preventing hypervisor-based rootkits with trusted execution technology

  • Authors: Carlo Gebhardt; Chris I. Dalton; Richard Brown

  • Affiliations: Hewlett-Packard Systems Security Lab, Bristol, UK; Hewlett-Packard Systems Security Lab, Bristol, UK; Hewlett-Packard Systems Security Lab, Bristol, UK

  • Venue: Network Security
  • Year: 2008

Abstract

Virtualisation is not a new technology, but it has experienced a resurgence of interest among industry and academic researchers over the last decade. New products and technologies are emerging quickly, and are being deployed with little consideration for security concerns. With the enhancement of hardware support for virtualisation in modern platforms, new opportunities and applications for virtualisation have emerged. Malware authors have quickly adapted and developed new types of rootkits to exploit virtualisation functionality for their own purposes. This has led to the creation of a new generation of stealthy malware. Security of virtualisation is based on the isolation properties provided by the hypervisor. Researchers from Hewlett-Packard Systems Security Lab explore the risks and possibilities of cutting-edge hardware virtualisation support, and discuss the concept of trusting a hypervisor and its enforcement mechanisms. Virtualisation offers many benefits for data centres, developers and consumers. In data centres, virtualisation can help to increase utilisation of previously under-utilised servers, hence reducing operational cost. For developers and on the client side, it can provide an easy way to try out complex software, such as kernel development, unfamiliar operating systems, or even new application delivery models such as virtual appliances.