Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.575040
Title: VMX-rootkit : implementing malware with hardware virtual machine extensions
Author: Esoul, O.
Awarding Body: University of Salford
Current Institution: University of Salford
Date of Award: 2008
Abstract:
Stealth malware (a rootkit) is malicious software used by attackers who wish to run their code on a compromised computer without being detected. Over the years, rootkits have targeted different operating systems and have used different techniques and mechanisms to avoid detection. In late 2005 and early 2006, both Intel™ and AMD™ incorporated explicit hardware support for virtualization into their CPUs. While this hardware support can help simplify the design and implementation of lightweight and efficient Virtual Machine Monitors (VMMs), the technology has also introduced a powerful new mechanism that malware can use to create an extremely stealthy rootkit, called a hardware-assisted virtual machine rootkit (HVM rootkit). An HVM rootkit is capable of totally controlling a compromised system by installing a small VMM (a.k.a. hypervisor) underneath the operating system and its applications without altering any part of the target operating system or any part of its applications. It places the existing operating system into a virtual machine and turns it into a guest operating system on the fly, without a reboot. The guest operating system is then totally governed and manipulated by the malicious hypervisor. In this thesis I have investigated the design and implementation of a minimal hypervisor-based rootkit that takes advantage of Intel Virtualization Technology (Intel VT) for the IA-32 architecture (VT-x), with Microsoft Windows XP SP2 as the target operating system.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.575040
DOI: Not available