Title: VMX-rootkit : implementing malware with hardware virtual machine extensions
Author: Esoul, O.
ISNI: 0000 0004 2740 0928
Awarding Body: University of Salford
Current Institution: University of Salford
Date of Award: 2008
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Thesis embargoed until 31 Jul 2022
Stealth malware (rootkit) is malicious software used by attackers who wish to run their code on a compromised computer without being detected. Over the years, rootkits have targeted different operating systems and have used different techniques and mechanisms to avoid detection. In late 2005 and early 2006, both Intel™ and AMD™ incorporated explicit hardware support for virtualization into their CPUs. While this hardware support can help simplify the design and the implementation of lightweight and efficient Virtual Machine Monitors (VMMs), this technology has introduced a new powerful mechanism that can be used by malware to create an extremely stealthy rootkit called a hardware-assisted virtual machine rootkit (HVM rootkit). An HVM rootkit is capable of totally controlling a compromised system by installing a small VMM (a.k.a. hypervisor) underneath the operating system and its applications without altering any part of the target operating system or any part of its applications. It places the existing operating system into a virtual machine and turns it into a guest operating system on-the-fly without a reboot. The guest operating system is then totally governed and manipulated by the malicious hypervisor. In this thesis I have investigated the design and implementation of a minimal hypervisor-based rootkit that takes advantage of Intel Virtualization Technology (Intel VT) for the IA-32 architecture (VT-x) and Microsoft Windows XP SP2 as the target operating system.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:  DOI: Not available