Cloaking Malware With the Trusted Platform Module

The Trusted Platform Module (TPM) is commonly thought of as hardware that can increase platform security. However, it can also be used for malicious purposes. The TPM, along with other hardware, can implement a cloaked computation, whose memory state cannot be observed by any other software, including the operating system and hypervisor. The authors show that malware can use cloaked computations to hide essential secrets (like the target of an attack) from a malware analyst.

Provided by: University of Texas Topic: Security Date Added: Jun 2011 Format: PDF

Find By Topic