Secure Coding mailing list archives
Intel turning to hardware for rootkit detection
From: cradle at umd.edu (David Eisner)
Date: Tue, 13 Dec 2005 16:20:36 -0500
Ron Forrester wrote:
> On 12/13/05, Kenneth R. van Wyk <Ken at krvw.com> wrote:
> > The detection mechanism seems to be looking primarily for non-OS software modifying OS inhabited memory blocks. Wonder how they're defining (and maintaining the definition) of each... I also wonder how it'll impact near-OS software installations like, say, device drivers, authentication plug-ins, and other things that need to poke pretty deeply into the OS in order to install.
>
> I have to admit, when I initially read about this I immediately dismissed it as nothing but marketing hype -- what little details they gave for the solution seemed to me to be less than practical and certainly would have issues adapting to targeted attempts to deceive the mechanism.

A bit more detail:

http://www.intel.com/technology/magazine/research/runtime-integrity-1205.htm
http://www.intel.com/technology/comms/download/system_integrity_services.pdf

I haven't read these carefully, but it reminds me a bit of trusted computing [1]. In fact, one of the authors (first link) is a member of the Trusted Computing Group. Wouldn't it be funny if proposed rootkit "cures" turn out to provide a good platform for more formidable DRM technology?

-David

[1] http://www-personal.si.umich.edu/~rwash/projects/trusted/