Temporal search: detecting hidden malware timebombs with virtual machines
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Securing sensitive content in a view-only file system
Proceedings of the ACM workshop on Digital rights management
Manitou: a layer-below approach to fighting malware
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Leveraging good intentions to reduce unwanted network traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
IEEE Security and Privacy
A layered approach to simplified access control in virtualized systems
ACM SIGOPS Operating Systems Review
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
IEEE Pervasive Computing
Rapid Trust Establishment for Pervasive Personal Computing
IEEE Pervasive Computing
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
An independent audit framework for software dependent voting systems
Proceedings of the 14th ACM conference on Computer and communications security
Design and implementation of an isolated sandbox with mimetic internet used to analyze malwares
DETER'07 Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test 2007
Security analysis of the Diebold AccuVote-TS voting machine
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
OS circular: internet client for reference
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Compatibility is not transparency: VMM detection myths and realities
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Secretly monopolizing the CPU without superuser privileges
SS'07 Proceedings of the 16th USENIX Security Symposium
Remote detection of virtual machine monitors with fuzzy benchmarking
ACM SIGOPS Operating Systems Review
Journal of Computer Security - The Third IEEE International Symposium on Security in Networks and Distributed Systems
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
Designing and implementing malicious hardware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
A hypervisor-based system for protecting software runtime memory and persistent storage
Proceedings of the 2008 Spring simulation multiconference
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 15th ACM conference on Computer and communications security
BootJacker: compromising computers using forced restarts
Proceedings of the 15th ACM conference on Computer and communications security
SMM rootkits: a new breed of OS independent malware
Proceedings of the 4th international conference on Security and privacy in communication networks
SHARK: Architectural support for autonomic protection against stealth by rootkit exploits
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Shepherding Loadable Kernel Modules through On-demand Emulation
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Security and usability: the gap in real-world online banking
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Emulating emulation-resistant malware
Proceedings of the 1st ACM workshop on Virtual machine security
The epistemology of computer security
ACM SIGSOFT Software Engineering Notes
ACM Transactions on Information and System Security (TISSEC)
Constructing trusted virtual execution environment in P2P grids
Future Generation Computer Systems
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Design issues of an isolated sandbox used to analyze malwares
IWSEC'07 Proceedings of the 2nd international conference on Advances in information and computer security
Stabilizing trust and reputation for self-stabilizing efficient hosts in spite of Byzantine guests
SSS'07 Proceedings of the 9th international conference on Stabilization, safety, and security of distributed systems
Using a personal device to strengthen password authentication from an untrusted computer
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Stabilizing trust and reputation for self-stabilizing efficient hosts in spite of byzantine guests
ACM SIGOPS Operating Systems Review
Rootkits for JavaScript environments
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Building a dark piconet upon bluetooth interfaces of computers
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Communications of the ACM
PEAR: a hardware based protocol authentication system
Proceedings of the 3rd ACM SIGSPATIAL International Workshop on Security and Privacy in GIS and LBS
Live and trustworthy forensic analysis of commodity production systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Forenscope: a framework for live forensics
Proceedings of the 26th Annual Computer Security Applications Conference
Detecting (and creating !) a HVM rootkit (aka BluePill-like)
Journal in Computer Virology
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
Malware: from modelling to practical detection
ICDCIT'10 Proceedings of the 6th international conference on Distributed Computing and Internet Technology
Host-Based security sensor integrity in multiprocessing environments
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing
Proceedings of the 9th conference on Computing Frontiers
Virtualisation: Virtualisation as a blackhat tool
Network Security
Endpoint Security: Securing the iPod generation
Network Security
Security analysis of public cloud computing
International Journal of Communication Networks and Distributed Systems
A technique for remote detection of certain virtual machine monitors
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Shifting GEARS to enable guest-context virtual services
Proceedings of the 9th international conference on Autonomic computing
Proceedings of the 2012 ACM conference on Computer and communications security
The use of hardware virtualization in the context of information security
Programming and Computing Software
Dune: safe user-level access to privileged CPU features
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
ISC'07 Proceedings of the 10th international conference on Information Security
Trusted VM snapshots in untrusted cloud infrastructures
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Review: A survey of intrusion detection techniques in Cloud
Journal of Network and Computer Applications
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
A survey on security issues and solutions at different layers of Cloud computing
The Journal of Supercomputing
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A survey of security issues in hardware virtualization
ACM Computing Surveys (CSUR)
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM
Proceedings of the 40th Annual International Symposium on Computer Architecture
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference
VMM detection using privilege rings and benchmark execution times
International Journal of Communication Networks and Distributed Systems
Illuminating the security issues surrounding lights-out server management
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits. We evaluate a new type of malicious software that gains qualitatively more control over a system. This new type of malware, which we call a virtual-machine based rootkit (VMBR), installs a virtual-machine monitor underneath an existing operating system and hoists the original operating system into a virtual machine. Virtual-machine based rootkits are hard to detect and remove because their state cannot be accessed by software running in the target system. Further, VMBRs support general-purpose malicious services by allowing such services to run in a separate operating system that is protected from the target system. We evaluate this new threat by implementing two proof-of-concept VMBRs. We use our proof-of-concept VMBRs to subvert Windows XP and Linux target systems, and we implement four example malicious services using the VMBR platform. Last, we use what we learn from our proof-of-concept VMBRs to explore ways to defend against this new threat. We discuss possible ways to detect and prevent VMBRs, and we implement a defense strategy suitable for protecting systems against this threat.