The idea behind Blue Pill is simple: your operating system swallows the Blue
Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill
hypervisor. This all happens on-the-fly (i.e. without restarting the system)
and there is no performance penalty and all the devices, like graphics card,
are fully accessible to the operating system, which is now executing inside
virtual machine. This is possible thanks to the latest virtualization
technology from AMD called SVM/Pacifica.
The presentation will present the idea and details of Blue Pill implementation as well as some thoughts about defense against such virtualization based malware.
Joanna Rutkowska is a recognized researcher in the field of stealth
malware and system compromises. Over the past several years she has
introduced several breakthrough concepts and techniques on both the
offensive and defensive side in this field. Her work has been quoted
multiple times by international press and she is also a frequent speaker
at security conferences around the world. In April 2007 she has founded
Invisible Things Lab, a consulting company dedicated for cutting edge
research into operating systems security.
Last modified: Wed, 28 Feb 2007 16:14:06 +0100