A3 Book section, Chapters in research books
Practical Evasion of Red Pill in Modern Computers (2022)

Resh, A., Zaidenberg, N., & Kiperberg, M. (2022). Practical Evasion of Red Pill in Modern Computers. In M. Lehto, & P. Neittaanmäki (Eds.), Cyber Security : Critical Infrastructure Protection (pp. 461-473). Springer. Computational Methods in Applied Sciences, 56. https://doi.org/10.1007/978-3-030-91293-2_20

JYU authors or editors

Publication details

All authors or editors: Resh, Amit; Zaidenberg, Nezer; Kiperberg, Michael

Parent publication: Cyber Security : Critical Infrastructure Protection

Parent publication editors: Lehto, Martti; Neittaanmäki, Pekka

ISBN: 978-3-030-91292-5

eISBN: 978-3-030-91293-2

Journal or series: Computational Methods in Applied Sciences

ISSN: 1871-3033

eISSN: 2543-0203

Publication year: 2022

Number in series: 56

Pages range: 461-473

Number of pages in the book: 484

Publisher: Springer

Place of Publication: Cham

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.1007/978-3-030-91293-2_20

Publication open access: Not open

Publication channel open access:

Abstract

The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package designed to detect blue pills or hypervisors in general. Ever since the blue pill was originally proposed, there has been an ongoing arms race between developers trying to develop stealthy hypervisors and developers trying to detect such stealthy hypervisors. Hypervisors can also be used for monitoring and forensic purposes, while malicious software may include a red pill component to discover such a hypervisor in order to evade it. This chapter discusses a practical approach to counter such malicious software by evading the red pill components.

Keywords: data security; virtualisation; malware

Free keywords: virtualization; forensics; information security; red pill

Contributing organizations

Ministry reporting: Yes

Reporting Year: 2022

Preliminary JUFO rating: 1