Joanna Rutkowska

Joanna Rutkowska is a Polish security specialist, primarily known for her research on stealth malware and for her work on techniques for installing and hiding backdoors on Windows Vista.

In August 2006, at the Black Hat Briefings conference in Las Vegas, Rutkowska presented system compromise techniques that could be used on Windows Vista systems, and she was subsequently named one of the "Five Hackers who Put a Mark on 2006" by eWeek Magazine for her research on the topic ([http://www.eweek.com/article2/0,1895,2078362,00.asp Five Hackers Who Left a Mark on 2006], Ryan Naraine, eWeek.com).

In the first part of the presentation, Rutkowska discussed how to bypass Vista kernel protection, demonstrating how to load unsigned code into the Vista kernel. The second part of the presentation introduced a technique dubbed Blue Pill. It can be described as a rootkit technology that allows potentially malicious code to covertly take control of the system through the use of CPU virtualization. Although presented and implemented on a Vista system, this method is OS-independent and does not exploit any weakness in Vista itself. The effectiveness of the Blue Pill approach is the subject of debate among some researchers.

At Black Hat Federal, in March 2007, Rutkowska demonstrated that certain types of hardware-based memory acquisition (e.g. FireWire-based) are unreliable and can be defeated.

At the next Black Hat in Las Vegas, Rutkowska and Alexander Tereshkin presented research that:
* Disclosed specific Vista driver vulnerabilities (and patterns of vulnerabilities) that again allowed the bypass of Vista kernel protection.
* Released the source code of the "New Blue Pill" project, a ground-up rewrite of Blue Pill and the first published virtualized rootkit.
* Discussed ways to avoid the detection of virtualization-based rootkits.
* Critiqued detection approaches presented by other researchers, noting that the "blue pill detection" methods are generic VMM detectors, incapable of distinguishing between malicious and non-malicious hypervisors.
* Presented the first working proof of concept of "nested virtualization", allowing other hardware-based hypervisors to run as guests of the Blue Pill hypervisor. The published code only allowed simple hypervisors to run as guests, e.g. the Blue Pill hypervisor itself as a guest of another Blue Pill hypervisor.

In April 2007 Rutkowska founded Invisible Things Lab in Warsaw, Poland. The company focuses on OS and VMM security research and provides various consulting services.

References

External links

* [http://invisiblethings.org/ InvisibleThings - personal website]
* [http://theinvisiblethings.blogspot.com/ InvisibleThings blog]
* [http://www.invisiblethingslab.com/ Invisible Things Lab - corporate website]
* [http://news.com.com/2100-7349_3-6102458.html CNET news - Vista Hacked at Black Hat]
* [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002212&source=rss_topic85 Computerworld Security article]


Wikimedia Foundation. 2010.
