SubVirt: implementing malware with virtual machines

@article{King2006SubVirtIM,
  title={SubVirt: implementing malware with virtual machines},
  author={Samuel T. King and Peter M. C. Chen and Yi-Min Wang and Chad Verbowski and H. Wang and Jacob R. Lorch},
  journal={2006 IEEE Symposium on Security and Privacy (S\&P'06)},
  year={2006},
  pages={14 pp.-327}
}
Attackers and defenders of computer systems both strive to gain complete control over the system. To maximize their control, both attackers and defenders have migrated to low-level, operating system code. In this paper, we assume the perspective of the attacker, who is trying to run malicious software and avoid detection. By assuming this perspective, we hope to help defenders understand and defend against the threat posed by a new class of rootkits. We evaluate a new type of malicious software… Expand
Cloaker: Hardware Supported Rootkit Concealment
Detecting System Emulators
Using a Hypervisor to Migrate Running Operating Systems to Secure Virtual Machines
SHARK: Architectural support for autonomic protection against stealth by rootkit exploits
SMM rootkit: a new breed of OS independent malware
Covert remote syscall communication at kernel level: A SPOOKY backdoor
Rootkit Detection Using A Cross-View Clean Boot Method
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 60 REFERENCES
Detecting stealth software with Strider GhostBuster
Terra: a virtual machine-based platform for trusted computing
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Collapsar: A VM-Based Architecture for Network Attack Detention Center
...
1
2
3
4
5
...