High-class talks around the clock in the Forum, non-commercial projects presenting their work, new developments at the largest IT fair in the world, CeBIT Open Source 2010 in Hanover, Germany.
Virtualizing rootkits and the future of system security
VIRTUAL MALWARE
Author(s): WILHELM DOLLE AND CHRISTOPH WEGENER
A new generation of rootkits avoids detection by virtualizing the compromised system – and the user doesn’t notice a thing.
In the typical cat-and-mouse game of attackers and defenders, the aim of the game is to gain or keep control of the operating system. Legacy malware tries to escalate privileges and, if possible, to run in ring 0, the operating system’s kernel mode. Once it gets there, the exploit, and thus the attacker, can manipulate the system. Virtualization is often heralded as a big advance for system security. Multiple virtual systems can run on the same hardware without the ability to influence each other. This isolation prevents a number of standard attack techniques, but today’s virtualization technologies also open a whole new frontier for attacks that never would have been possible in the past. Experts are already talking about a new generation of rootkits that will exploit the powers of virtualization to avoid detection.
Watch our free Video Archive from Apachecon US 2009. Archive provided by The Apache Foundation, COLLABNET, and Linux Pro Magazine
Drawing internationally renowned thought-leaders, contributors, and organizations in the Open Source community, ApacheCon offers insight into the culture and community that develops and shepherds industry-leading Open Source projects, including Apache HTTP Server – the world's most popular Web server software for more than 10 years.
Comments