Book chapter, peer-reviewed

The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

2016; Springer Science+Business Media; Language: English

10.1007/978-3-319-50011-9_29

ISSN

1611-3349

Authors

Robert Buhren, Julian Vetter, Jan Nordholz,

Topic(s)

Cloud Data Security Solutions

Abstract

The virtualization capabilities of today’s systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.
