Modern Blue Pills and Red Pills-Reference-Cited by-同舟云学术

Modern Blue Pills and Red Pills

Published:2020 Issue: Volume: Page:1136-1149
ISSN:
Container-title:Encyclopedia of Criminal Activities and the Deep Web
language:
Short-container-title:

Author:

Algawi Asaf¹,Kiperberg Michael²,Leon Roee Shimon¹,Resh Amit³,Zaidenberg Nezer Jacob⁴

Affiliation:

1. University of Jyväskylä, Finland

2. Holon Institute of Technology, Israel

3. Shenkar College, Israel

4. College of Management, Israel

Abstract

This article presents the concept of blue pill, a stealth hypervisor-based rootkit, that was introduced by Joanna Rutkowska in 2006. The blue pill is a malicious thin hypervisor-based rootkit that takes control of the victim machine. Furthermore, as the blue pill does not run under the operating system context, the blue pill is very difficult to detect easily. The red pill is the competing concept (i.e., a forensics software that runs on the inspected machine and detects the existence of malicious hypervisor or blue pill). The concept of attestation of a host ensuring that no hypervisor is running was first introduced by Kennel and Jamieson in 2002. Modern advances in hypervisor technology and hardware-assisted virtualization enables more stealth and detection methods. This article presents all the recent innovation in stealth blue pills and forensics red pills.

Publisher

IGI Global

Reference15 articles.

1. An efficient VM-based software protection

2. Kennell, R., & Jamieson, L. H. (2003, August). Establishing the Genuinity of Remote Computer Systems. In USENIX Security Symposium (pp. 295-308). USENIX.

3. Kennell, R., & Jamieson, L. H. (2004). An analysis of proposed attacks against genuinity tests. CERIAS, Purdue Univ.

4. Kiperberg, M., & Zaidenberg, N. (2013). Efficient Remote Authentication. Journal of Information Warfare, 12(3), 49-55.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Hypervisor Memory Introspection and Hypervisor Based Malware Honeypot;Communications in Computer and Information Science;2020