Detection of Hardware Virtualization Based Rootkits by Performance Benchmarking

In this paper, the authors describe an enhanced side-channel analysis method that detects hardware-virtualization-based rootkits by detecting the performance degradation caused by the hardware virtualization itself. Like a network intrusion detection system, the proposed method is both passive and remote, so it is not easily detected by the rootkit. The method does not rely on an internal, and therefore untrustworthy, timing source, and it does not rely on the rootkit's potentially imperfect representation of the actual physical characteristics of the computing platform.