Experts develop protection against Blue Pill rootkit

LSS-NEWS-2010-016
Researchers from North Carolina State University have developed software, called HyperSafe, that can protect a VMM (virtual machine monitor) from malicious Blue Pill rootkit threats.

A rootkit is software designed to gain administrator-level control of a computer system without being detected. Typically, the attack exploits a vulnerability, such as a buffer overflow, to inject malicious code into the hypervisor. In a Blue Pill attack, the installed rootkit can then intercept all system calls and redirect them.

Xuxian Jiang, assistant professor of computer science at NCSU, said that HyperSafe protects the hypervisor from such code injection attempts. The software borrows some of the kernel protection ideas developed for HookSafe, a kernel rootkit protection tool Jiang helped devise. One of the techniques applied is non-bypassable memory lockdown, which secures hypervisor memory so that it can be altered only by the administrator. The software also protects function pointers from being compromised, so that only the administrator can alter those settings. HyperSafe prototypes currently exist for the BitVisor and Xen hypervisors. For more information, readers should visit the Yahoo! News web site.
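The two ideas described above, locked-down memory that only an explicit administrative path may change and function pointers that cannot be redirected by an injected payload, can be illustrated in user space. The following is an added example written for this page; it is not HyperSafe's code and does not reproduce how HyperSafe locks hypervisor memory. It assumes a Linux system with mprotect(2), and it models the lockdown as a page-aligned dispatch table that is read-only except inside an explicit unlock/relock window (admin_update); a direct write from anywhere else (attacker_overwrite) faults and is caught with a SIGSEGV handler. Calls go through a bounds-checked index (dispatch) rather than a raw pointer, so a corrupted index cannot steer execution outside the table. The function names and the handler_evil target are invented for the illustration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* User-space analogue of non-bypassable memory lockdown (illustration only,
   not HyperSafe's implementation): a table of function pointers lives on its
   own page, which stays read-only except inside admin_update(). */

typedef int (*handler_fn)(int);

static int handler_add_one(int x) { return x + 1; }
static int handler_double(int x)  { return x * 2; }
static int handler_evil(int x)    { (void)x; return -1; } /* attacker's target */

static handler_fn *table;          /* page-aligned, PROT_READ while locked */
static const size_t table_len = 2; /* number of valid slots */
static long page_size;

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* SIGSEGV handler: record the fault and unwind back to the faulting caller. */
static void on_segv(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Allocate the table page, fill it, then lock it read-only. Returns 0 on success. */
int lockdown_init(void) {
    page_size = sysconf(_SC_PAGESIZE);
    table = mmap(NULL, (size_t)page_size, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (table == MAP_FAILED) return -1;
    table[0] = handler_add_one;
    table[1] = handler_double;
    if (mprotect(table, (size_t)page_size, PROT_READ) != 0) return -1;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Injected code trying to redirect slot i without the unlock path.
   Returns 1 if the write faulted (blocked), 0 if it silently succeeded. */
int attacker_overwrite(size_t i, handler_fn fn) {
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        table[i] = fn;   /* page is read-only here, so this raises SIGSEGV */
    }
    return (int)fault_seen;
}

/* The only legitimate way to change the table: explicit unlock, write, relock. */
int admin_update(size_t i, handler_fn fn) {
    if (i >= table_len) return -1;
    if (mprotect(table, (size_t)page_size, PROT_READ | PROT_WRITE) != 0) return -1;
    table[i] = fn;
    return mprotect(table, (size_t)page_size, PROT_READ);
}

/* Dispatch through a bounds-checked index, never through a raw pointer. */
int dispatch(size_t i, int arg) {
    if (i >= table_len) return -1;
    return table[i](arg);
}
```

In a real hypervisor the locked region would be the hypervisor's own code and page tables rather than one table page, and the unlock window would be a privileged, audited path rather than a plain mprotect call; the example only shows the shape of the guarantee, that is, writes outside the sanctioned path fault instead of succeeding.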