Download Now Free registration required
In this paper, the authors describe an enhanced side-channel analysis method to detect hardware virtualization based rootkits, by detecting performance degradation caused by the hardware virtualization itself. The method proposed is, (like a network intrusion detection system), both passive and remote, so it is not easily detected by the rookit. The method does not rely on an internal and therefore untrustable timing source, and does not rely on the rootkit's potentially imperfect representation of the actual physical characteristics of the computing platform.
- Format: PDF
- Size: 823.21 KB