Information Security - 2

This topic delves into Virtual Machine-Based Rootkits (VMBRs) and their installation, modifications, control mechanisms, and services. It covers the potential threats posed by VMBRs and ways to prevent unauthorized access and control.

• Security
• Systems Engineering
• Rootkits
• Virtual Machines
• Threats

myuk Follow

Uploaded on Mar 08, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Information Security - 2 Topic: Architectural Aid to Secure Systems Engineering V. Kamakoti RISE LAB, Department of Computer Science and Engineering IIT Madras SESSION 5: VIRTUAL MACHINE BASED ROOTKITS (VMBR)

2. Virtual-machine based rootkits (VMBRs) App1 App2 Attack system App1 App2 Target OS Target OS VMM Hardware Hardware Before infection After infection

3. Installation Assume attacker has kernel privilege - How? Traditional remote exploit (Stack smashing) Bribe employee Malicious bootable CD-Rom Install during shutdown Few processes running Efforts to prevent notification of activity

4. Installing a VMBR Modify the boot sequence Master boot record Boot sector BIOS OS

5. Installing a VMBR Modify the boot sequence VMBR loads BIOS Master boot record Boot sector BIOS OS

6. Maintaining control Hardware reset VMBR loses control Illusion of reset w/o losing control Reboot easy, shutdown harder VMBR loads BIOS Master boot record Boot sector BIOS OS

7. Malicious services due to VMBR Zero interaction malicious services E.g., phishing web server Passive monitoring E.g., keystroke logger, file system scanner Active execution modifications E.g., defeat VM detection technique All easy to implement

8. End of Session-5 Thank You