CHAPTER 19
WINDOWS ROOTKITS: A GAME OF HIDE AND SEEK

Sherri Sparks, Shawn Embleton, and Cliff Zou
School of Electrical Engineering and Computer Science, University of Central Florida, Orlando, FL 32816, USA
E-mail: {ssparks, sembleton, czou}@cs.ucf.edu

Rootkits are a type of malware that attempt to hide their presence on a system, typically by compromising the communication conduit between an Operating System and its users. In this chapter, we track the evolution of rootkits, and of the techniques used to defend against them, from the earliest rootkits to highly advanced present-day rootkits capable of exploiting processor virtualization extensions and infecting the BIOS.

1. Introduction

Despite all of the popular press surrounding malicious code like viruses and worms, until the past few years rootkits had remained a relatively hidden threat. If one were asked to classify viruses and worms by a single defining characteristic, the first word to come to mind would probably be replication. In contrast, the single defining characteristic of a rootkit is stealth. Viruses reproduce, but rootkits hide. They hide by compromising the communication conduit between an Operating System and its users. A rootkit can be defined as a set of programs which patch and trojan existing execution paths within the system [1].

Before delving into the low-level technical details, it is helpful to view the problem at a higher level of abstraction. Most modern Operating Systems are based upon the concept of a layered architecture. A layered architecture attempts to divide a computer system into hierarchical groups of related components that communicate according to predefined sets of rules, or interfaces [2]. At the highest level of abstraction, we can divide a system into three layers: users, Operating System (OS), and hardware. In this hierarchy, system users reside at the highest layer while hardware resides at the lowest. The Operating System sits in the middle, managing the system's hardware resources.

The function of the OS is two-fold. First, it shelters users from the gory details of hardware communication by encapsulating them into convenient services that they can call upon to perform useful work (e.g. creating a file, or opening a network connection). These services, also known as the API (Application Programming Interface), form the communication conduit between users and the Operating System. Second, the Operating System provides a trusted computing base (TCB) with security mechanisms for user authentication and the means of protecting itself and applications from damaging each other [3]. This layer is further divided into sub-components corresponding to the management of the system's primary resources...
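The conduit model above is abstract, so the following is an added illustration (not code from the chapter or its authors) of what "patching an existing execution path" means in practice. It is a self-contained simulation in portable C, not a real Windows API hook: a function-pointer table stands in for the API conduit, the genuine OS service lists a constructed set of file names, and a "rootkit" redirects the table entry to a filter that drops every name beginning with the assumed prefix "_rk_" before results reach the user. The trusted-view check at the end compares what the user sees against the genuine service, which is the cross-view differencing idea later anti-rootkit tools rely on; the "_rk_" prefix, the sample names and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8
#define NAME_LEN 32

/* Constructed sample "file system": two of the names belong to the
 * (hypothetical) rootkit and are the ones it wants to hide. */
static const char *kDiskEntries[] = {
    "boot.ini", "notes.txt", "_rk_loader.sys", "_rk_config.dat", "report.doc"
};
static const int kDiskCount = 5;

/* Genuine OS service: copies every on-disk name into out, returns the count.
 * This is the unpatched execution path at the OS layer. */
static int os_list_files(char out[][NAME_LEN], int max)
{
    int n = 0;
    for (int i = 0; i < kDiskCount && n < max; i++)
        snprintf(out[n++], NAME_LEN, "%s", kDiskEntries[i]);
    return n;
}

/* The API conduit: user-layer code reaches the OS only through this
 * function pointer, which is exactly what a rootkit patches. */
typedef int (*list_fn)(char out[][NAME_LEN], int max);
static list_fn api_list_files = os_list_files;
static list_fn original_list_files = NULL;   /* saved by the hook */

/* Rootkit filter: calls the real service, then removes its own files
 * from the answer before it reaches the user. */
static int hooked_list_files(char out[][NAME_LEN], int max)
{
    char tmp[MAX_ENTRIES][NAME_LEN];
    int n = original_list_files(tmp, MAX_ENTRIES);
    int kept = 0;
    for (int i = 0; i < n && kept < max; i++) {
        if (strncmp(tmp[i], "_rk_", 4) == 0)   /* assumed hidden prefix */
            continue;
        snprintf(out[kept++], NAME_LEN, "%s", tmp[i]);
    }
    return kept;
}

/* Patch the execution path: swap the conduit entry for the filter. */
void install_hook(void)
{
    if (original_list_files == NULL) {
        original_list_files = api_list_files;
        api_list_files = hooked_list_files;
    }
}

/* Restore the original path. */
void remove_hook(void)
{
    if (original_list_files != NULL) {
        api_list_files = original_list_files;
        original_list_files = NULL;
    }
}

/* What a user-layer tool (e.g. a directory listing) sees. */
int user_view_count(void)
{
    char buf[MAX_ENTRIES][NAME_LEN];
    return api_list_files(buf, MAX_ENTRIES);
}

/* What a detector sees if it bypasses the conduit and asks the OS layer. */
int trusted_view_count(void)
{
    char buf[MAX_ENTRIES][NAME_LEN];
    return os_list_files(buf, MAX_ENTRIES);
}

/* Cross-view check: a positive result means something is being hidden. */
int hidden_entry_count(void)
{
    return trusted_view_count() - user_view_count();
}

int main(void)
{
    printf("clean:  user sees %d, hidden %d\n", user_view_count(), hidden_entry_count());
    install_hook();
    printf("hooked: user sees %d, hidden %d\n", user_view_count(), hidden_entry_count());
    remove_hook();
    return 0;
}
```

The point to take from the simulation is that the hook never touches the data on "disk"; it only alters what travels through the conduit, which is why a detector that reads the lower layer directly, rather than through the same API, can see the discrepancy.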