Friday, September 01, 2006

Detecting Hardware Assisted Hypervisors

One side of the fence is screaming that hardware-assisted hypervisor rootkits are 100% undetectable, and the other side is yelling back that that's totally wrong and that timing attacks against them are trivial. This can of course be countered: an HV can trick timing attacks by modifying a VCPU's TSC_OFFSET value, so an external clock would be required to measure the time skew, and even that may or may not be conclusive evidence that something malicious is going on.
Link http://rootkit.com/newsread.php?newsid=548
Added by Dancho Danchev
01.09.2006
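The argument above as a small model, added here as an illustration and not taken from the post or the linked article: a guest's RDTSC returns the host counter plus TSC_OFFSET, so a hypervisor that rewinds the offset after each intercepted instruction passes an in-guest timing check but falls behind an external reference. The cycle costs, the struct and the function names are constructed for the example, and the external clock is assumed to track the real host counter exactly.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed cycle costs for the model; real values vary by CPU. */
#define NATIVE_COST 200u   /* probed instruction on bare metal */
#define EXIT_COST   2000u  /* extra cycles when a hypervisor intercepts it */

struct machine {
    uint64_t host_tsc;   /* real cycle counter; the external clock tracks this */
    int64_t  tsc_offset; /* guest RDTSC returns host_tsc + tsc_offset */
    int hypervisor;      /* 1 if the probed instruction is intercepted */
    int hide_exits;      /* 1 if the HV rewinds tsc_offset after each exit */
};

static uint64_t guest_rdtsc(const struct machine *m) {
    return m->host_tsc + (uint64_t)m->tsc_offset;
}

/* Execute one probed instruction, advancing real time. */
static void probe(struct machine *m) {
    m->host_tsc += NATIVE_COST;
    if (m->hypervisor) {
        m->host_tsc += EXIT_COST;
        if (m->hide_exits)
            m->tsc_offset -= EXIT_COST; /* hide the exit from the guest's TSC */
    }
}

/* Check 1: in-guest timing of a single probe using only the guest's TSC. */
static uint64_t local_delta(struct machine m) {
    uint64_t t0 = guest_rdtsc(&m);
    probe(&m);
    return guest_rdtsc(&m) - t0;
}

/* Check 2: cycles by which the guest TSC lags the external clock over n probes. */
static int64_t external_skew(struct machine m, unsigned n) {
    uint64_t g0 = guest_rdtsc(&m), h0 = m.host_tsc;
    for (unsigned i = 0; i < n; i++)
        probe(&m);
    return (int64_t)((m.host_tsc - h0) - (guest_rdtsc(&m) - g0));
}

int main(void) {
    struct machine bare = {0, 0, 0, 0}, naive = {0, 0, 1, 0}, hidden = {0, 0, 1, 1};
    printf("local delta: bare=%llu naive=%llu hidden=%llu\n",
           (unsigned long long)local_delta(bare), (unsigned long long)local_delta(naive),
           (unsigned long long)local_delta(hidden));
    printf("external skew over 1000 probes: hidden=%lld\n", (long long)external_skew(hidden, 1000));
    return 0;
}
```

On real hardware the external reference has its own jitter and drift, so a small measured skew is ambiguous, which is the "may or may not be conclusive" caveat in the paragraph above.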
