Joanna Rutkowska

Joanna Rutkowska

Joanna Rutkowska is a Polish security specialist, primarily known for her research on stealth malware and contributions to Windows Vista backdoor installation and hiding techniques.

In August 2006 at the Black Hat Briefings conference in Las Vegas, Rutkowska presented system compromise techniques that could be used on Windows Vista systems - and subsequently, has been named one of "Five Hackers who Put a Mark on 2006" by eWeek Magazine for her research on the topic [ [http://www.eweek.com/article2/0,1895,2078362,00.asp Five Hackers Who Left a Mark on 2006] , Ryan Naraine, eWeek.com] .

In the first part of the presentation, Rutkowska discussed how to bypass Vista kernel protection, demonstrating how to load unsigned code into the Vista kernel. The second part of the presentation introduced a technique dubbed Blue Pill. It could be described as a rootkit technology, allowing potentially malicious code to covertly take control over the system through the use of CPU virtualization. This method, although presented and implemented on Vista system is OS-independent and does not exploit any weakness in the Vista system itself. The effectiveness of the latter approach, dubbed Blue Pill, is a subject of a debate among some researchers.

At Black Hat Federal, in March 2007, Rutkowska demonstrated that certain types of hardware-based memory acquisition (e.g. Firewire based) are unreliable and can be defeated.

At the next Black Hat in Las Vegas, Rutkowska and Alexander Tereshkin presented research that:
*Disclosed specific Vista driver vulnerabilities (and patterns of vulnerabilities) of that again allowed the bypass of Vista kernel protection.

*Released the source code to the "New Blue Pill" project, a ground-up rewrite of Blue Pill and the first published virtualized rootkit.

*Discussed ways to avoid the detection of virtualization-based rootkits.

*Critiqued detection approaches presented by other researchers, noting that "blue pill detection" methods to be generic VMM detectors, incapable of distinguishing between malicious and non-malicious hypervisors.

*Presented the first working proof of concept of "nested virtualization", allowing other hardware-based hypervisors as guests of the Blue Pill's hypervisor. The published code only allowed to run simple hypervisors as guest, e.g. the Blue Pill hypervisor itself as a guest of another Blue Pill hypervisor.

In April 2007 Rutkowska founded Invisible Things Lab in Warsaw, Poland. The company focuses on OS and VMM security research and provides various consulting services.

References

External links

* [http://invisiblethings.org/ InvisibleThings - personal website]
* [http://theinvisiblethings.blogspot.com/ InvisibleThings blog]
* [http://www.invisiblethingslab.com/ Invisible Things Lab - corporate website]
* [http://news.com.com/2100-7349_3-6102458.html CNET news - Vista Hacked at Black Hat]
* [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002212&source=rss_topic85 Computerworld Security article]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать курсовую

Look at other dictionaries:

  • Joanna Rutkowska — ist eine polnische Hackerin und Spezialistin für Computersicherheit, die vor allem für ihre Forschungen im Bereich Malware[1] im Allgemeinen und die Installation und das Verstecken von Backdoors in Microsoft Windows Vista[2][3] im Speziellen… …   Deutsch Wikipedia

  • Rutkowska — Joanna Rutkowska ist eine polnische Hackerin und Spezialistin für Computersicherheit, die vor allem für ihre Forschungen im Bereich Malware[1] im Allgemeinen und die Installation und das Verstecken von Backdoors in Microsoft Windows Vista[2][3]… …   Deutsch Wikipedia

  • Рутковская, Йоанна — В Википедии есть статьи о других людях с такой фамилией, см. Рутковская. Йоанна Рутковская Joanna Rutkowska …   Википедия

  • Blue Pill (malware) — Blue Pill is the codename for a controversial rootkit based on virtualization technology that targets Microsoft s Windows Vista operating system. Blue Pill uses AMD Pacifica virtualization technology, but reportedly could be ported to use Intel… …   Wikipedia

  • Bluepill — Virtual Machine Based Rootkit (VMBR) sind Rootkits, die ein vorhandenes Betriebssystem in eine virtuelle Umgebung verschieben. Dadurch ist das Betriebssystem in der virtuellen Umgebung gefangen. Die virtuelle Umgebung ist somit eine Software… …   Deutsch Wikipedia

  • Microsoft Vista — Windows Vista Entwickler Microsoft Version Build 6001 …   Deutsch Wikipedia

  • Microsoft Windows Longhorn — Windows Vista Entwickler Microsoft Version Build 6001 …   Deutsch Wikipedia

  • Microsoft Windows Mojave — Windows Vista Entwickler Microsoft Version Build 6001 …   Deutsch Wikipedia

  • Vista Business — Windows Vista Entwickler Microsoft Version Build 6001 …   Deutsch Wikipedia

  • Vista Enterprise — Windows Vista Entwickler Microsoft Version Build 6001 …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”