Information Security - 2

Presentation transcript:

Information Security - 2
Topic: Architectural Aid to Secure Systems Engineering
V. Kamakoti, RISE LAB, Department of Computer Science and Engineering, IIT Madras
Session – 5: Virtual Machine Based Rootkits (VMBR)

Virtual-machine based rootkits (VMBRs)
[Figure: system stack before infection (App1, App2, Target OS, Hardware) and after infection (App1, App2, Target OS, VMM, Attack system, Hardware)]

Installation
- Assume attacker has kernel privilege - How?
  - Traditional remote exploit (stack smashing)
  - Bribe employee
  - Malicious bootable CD-ROM
- Install during shutdown
  - Few processes running
  - Efforts to prevent notification of activity

Installing a VMBR
- Modify the boot sequence
[Figure: boot sequence; labels: BIOS, Master boot record, Boot sector, OS]

Installing a VMBR
- Modify the boot sequence
[Figure: modified boot sequence with a "VMBR loads" stage added; labels: VMBR loads, BIOS, Master boot record, Boot sector, BIOS, OS]
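A defender-side check for the boot-sequence modification on this slide, added here as an example and not part of the original presentation: it parses a 512-byte MBR, hashes the boot code area, and compares that hash and the partition table against a known-good baseline. The sample MBRs are constructed, the function names are illustrative, and the check assumes the sector was read offline (for example after booting from trusted media), because a VMM running beneath the target OS controls what that OS reads from disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446      # classic layout: bytes 0..445 are the bootstrap code area
PART_ENTRY_SIZE = 16     # four 16-byte partition entries follow the code area
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = BOOT_CODE_END + i * PART_ENTRY_SIZE
        entry = sector[off:off + PART_ENTRY_SIZE]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return one finding per boot-path difference from the baseline."""
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("MBR boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes, lba_start: int = 2048) -> bytes:
    """Constructed sample MBR with one active partition of type 0x07."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", lba_start, 204800)
    body = boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48)
    return body + BOOT_SIGNATURE


# Constructed data: a baseline, a copy with altered boot code, a copy with a moved partition.
BASELINE = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0"))
ALTERED_CODE = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90"))
MOVED_PART = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0", lba_start=4096))
```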

Maintaining control
- Hardware reset: VMBR loses control
- Illusion of reset without losing control
- Reboot easy, shutdown harder
[Figure: boot sequence; labels: VMBR loads, BIOS, Master boot record, Boot sector, OS, BIOS]

Malicious services due to VMBR
- Zero interaction malicious services
  - E.g., phishing web server
- Passive monitoring
  - E.g., keystroke logger, file system scanner
- Active execution modifications
  - E.g., defeat VM detection technique
- All easy to implement

End of Session-5
Thank You