Hardware-assisted virtual machine rootkit and detection

References:

[1] King S T, Chen P M, Wang Y, et al. SubVirt: Implementing malware with virtual machines[C]//Proceedings of the 2006 IEEE Symposium on Security and Privacy. Oakland, CA, 2006.
[2] Rutkowska J. Subverting Vista Kernel For Fun And Profit[C]//Black Hat USA 2006. Caesars Palace, Las Vegas, 2006.
[3] Dai Zovi D A. Hardware Virtualization-Based Rootkits[C]//Black Hat USA 2006. Caesars Palace, Las Vegas, 2006.
[4] Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2[EB/OL]. (2000-03-07) [2009-02-27]. http://download.intel.com/design/processor/manuals/253669.pdf.
[5] AMD64 Architecture Programmer's Manual Volume 2: System Programming[EB/OL]. (2001-02-21) [2009-02-27]. http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf.
[6] Hoglund G, Butler J. Rootkits: Subverting the Windows Kernel[M]. Beijing: Tsinghua University Press, 2007.
[7] Rutkowska J. Introducing Stealth Malware Taxonomy[EB/OL]. (2003-04-09) [2009-02-21]. http://www.invisiblethings.org/papers/malware-taxonomy.pdf.
[8] HackerDefender[EB/OL]. (2004-07-10) [2009-01-10]. http://vil.nai.com/vil/content/v_100035.htm.
[9] Silberman P, C.H.A.O.S. FUTo[Z]. 2005.
[10] Popek G J, Goldberg R P. Formal Requirements for Virtualizable Third Generation Architectures[J]. Communications of the ACM, 1974, 17(7): 412-421.
[11] Fritsch H. Analysis and detection of virtualization-based rootkits[EB/OL]. (2005-10-10) [2009-02-27]. http://www.nm.ifi.lmu.de/pub/Fopras/frit08/PDF-Version/frit08.pdf.
[12] Adams K. BluePill detection in two easy steps[EB/OL]. (2007-07-20) [2009-02-26]. http://x86vmm.blogspot.com/2007/07/bluepill-detection-in-two-easy-steps.html.
[13] Bulygin Y. CPU side-channels vs. virtualization rootkits: the good, the bad, or the ugly[EB/OL]. (2007-10-19) [2009-02-27]. http://www.c7zero.info/stuff/hyper-channel_toorcon_seattle.ppt.
[14] Rutkowska J, Tereshkin A. IsGameOver(), Anyone?[EB/OL]. (2006-05-07) [2009-02-27].

Memo

Funding: General Armaments Department "Eleventh Five-Year" pre-research project; Anhui Provincial Key Laboratory Foundation project (2007a011011f). Corresponding author: Ling Chong (凌冲) (1983-), male, from Xi'an, Shaanxi; master's degree; main research area is computer technology.