Virtualization - The Other Side of the Coin
Joanna Rutkowska
Invisible Things Lab
The idea behind Blue Pill is simple: your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor. This all happens on-the-fly (i.e. without restarting the system) and there is no performance penalty and all the devices, like graphics card, are fully accessible to the operating system, which is now executing inside virtual machine. This is possible thanks to the latest virtualization technology from AMD called SVM/Pacifica.

The presentation will present the idea and details of Blue Pill implementation as well as some thoughts about defense against such virtualization based malware.

Joanna Rutkowska is a recognized researcher in the field of stealth malware and system compromises. Over the past several years she has introduced several breakthrough concepts and techniques on both the offensive and defensive side in this field. Her work has been quoted multiple times by international press and she is also a frequent speaker at security conferences around the world. In April 2007 she has founded Invisible Things Lab, a consulting company dedicated for cutting edge research into operating systems security.

Last modified: Wed, 28 Feb 2007 16:14:06 +0100