Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security - 2

Published byLorena Fisher Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security - 2"— Presentation transcript:

1 Information Security - 2
Topic: Architectural Aid to Secure Systems Engineering V. Kamakoti RISE LAB, Department of Computer Science and Engineering IIT Madras Session – 5: virtual machine based ROOTKITs (VMBR)

2 Virtual-machine based rootkits (VMBRs)
Hardware Target OS App1 App2 VMM Attack system After infection App1 App2 Target OS Hardware Before infection

3 Installation Assume attacker has kernel privilege - How?
Traditional remote exploit (Stack smashing) Bribe employee Malicious bootable CD-Rom Install during shutdown Few processes running Efforts to prevent notification of activity

4 Installing a VMBR Modify the boot sequence Master boot record Boot
sector BIOS OS

5 Installing a VMBR Modify the boot sequence VMBR loads BIOS Master boot
record Boot sector BIOS OS

6 Maintaining control Hardware reset VMBR loses control
Illusion of reset w/o losing control Reboot easy, shutdown harder VMBR loads BIOS Master boot record Boot sector OS BIOS

7 Malicious services due to VMBR
Zero interaction malicious services E.g., phishing web server Passive monitoring E.g., keystroke logger, file system scanner Active execution modifications E.g., defeat VM detection technique All easy to implement

8 End of Session-5 Thank You

Download ppt "Information Security - 2"

Similar presentations

Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.

Genesis: from raw hardware to processes System booting sequence: how does a machine come into life.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
A Fast Rejuvenation Technique for Server Consolidation with Virtual Machines Kenichi Kourai Shigeru Chiba Tokyo Institute of Technology.

A Fast Rejuvenation Technique for Server Consolidation with Virtual Machines Kenichi Kourai Shigeru Chiba Tokyo Institute of Technology.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.

Virtualization in HPC Minesh Joshi CSC 469 Dr. Box Feb 1, 2012.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.

Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Windows Security and Rootkits Mike Willard January 2007.

Windows Security and Rootkits Mike Willard January 2007.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Presented by Boris Yurovitsky

Presented by Boris Yurovitsky
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Chapter 9 Security Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.
SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.

SubVirt: Implementing malware with virtual machines Yi-Min Wang Chad Verbowski Helen J. Wang Jacob R. Lorch Microsoft Research Samuel T. King Peter M.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
TDL3 Rootkit A Sans NewsBite Analysis by Marshall Washburn.

TDL3 Rootkit A Sans NewsBite Analysis by Marshall Washburn.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
SubVirt: Implementing malware with virtual machines

SubVirt: Implementing malware with virtual machines

Similar presentations

Ads by Google