Download HVM-based Rootkits: Blue Pill

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

CP/M wikipedia , lookup

Copland (operating system) wikipedia , lookup

Transcript 
HVM-Based Rootkits: Blue Pill
operating system
operating system
operating system
Blue Pill driver
Blue Pill driver
AMD-V hardware
Blue Pill exploits the
OS and inserts a
malicious driver into
the kernel.
Blue Pill hypervisor
AMD-V hardware
The driver enables SVM, sets up the
VMCB, and loads the Blue Pill
hypervisor into memory. Execution is
transferred to the hypervisor and
VMRUN is called.
Blue Pill hypervisor
AMD-V hardware
The OS now runs in
a VM. Execution is
transferred back to
the driver for
removal.
• Blue Pill requires hardware-enabled machines not running virtualization
• Blue Pill exploits operating system/software bugs to install
• New research aims to accommodate nested virtualization
1
Source: IBM
Related documents
New Lens Film Series Presents The Pill
New Lens Film Series Presents The Pill
Scientific Method Practice Worksheet
Scientific Method Practice Worksheet
HHP Accutane
HHP Accutane
FDA approves swallowable camera-in-a
FDA approves swallowable camera-in-a
Automatic Home Medication Dispenser
Automatic Home Medication Dispenser
Supply & Demand - Seattle Central College
Supply & Demand - Seattle Central College
Bacterial Vaginosis
Bacterial Vaginosis
Pill bottles - University of Illinois Agricultural Education Program
Pill bottles - University of Illinois Agricultural Education Program
ChemQuest #1 File - Oakland Schools Moodle
ChemQuest #1 File - Oakland Schools Moodle
fonseca-are-drug-prices-a-problem
fonseca-are-drug-prices-a-problem
HOSPITAL KUALA KUBU BHARU PHARMACY BULLETIN
HOSPITAL KUALA KUBU BHARU PHARMACY BULLETIN
lecture 14: virtualization
lecture 14: virtualization
Contraception - Max Brinsmead MB BS PhD
Contraception - Max Brinsmead MB BS PhD
RESPIRATORY - Robert Gordon University
RESPIRATORY - Robert Gordon University
Birth Control Methods/Forms
Birth Control Methods/Forms
Speed or Safety
Speed or Safety
Michele Dixon Biology Lesson Plan Variables and Fast Plants
Michele Dixon Biology Lesson Plan Variables and Fast Plants
Pill For Every Ill
Pill For Every Ill
The Pill - SHine SA
The Pill - SHine SA
Getting Noticed: The Importance of
Getting Noticed: The Importance of
emergency contraception
emergency contraception
Downloaden - Scholieren.com
Downloaden - Scholieren.com