A4 Article in conference proceedings
Creating modern blue pills and red pills (2019)


Algawi, A., Kiperberg, M., Leon, R., Resh, A., & Zaidenberg, N. (2019). Creating modern blue pills and red pills. In T. Cruz, & P. Simoes (Eds.), ECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security (pp. 6-14). Academic Conferences International. Proceedings of the European conference on information warfare and security.


JYU authors or editors


Publication details

All authors or editorsAlgawi, Asaf; Kiperberg, Michael; Leon, Roee; Resh, Amit; Zaidenberg, Nezer

Parent publicationECCWS 2019 : Proceedings of the 18th European Conference on Cyber Warfare and Security

Parent publication editorsCruz, Tiago; Simoes, Paulo

Conference:

  • European Conference on Cyber Warfare and Security

Place and date of conferenceCoimbra, Portugal4.-5.6.2019

ISBN978-1-912764-28-0

Journal or seriesProceedings of the European conference on information warfare and security

ISSN2048-8602

eISSN2048-8610

Publication year2019

Pages range6-14

Number of pages in the book884

PublisherAcademic Conferences International

Publication countryUnited Kingdom

Publication languageEnglish

Publication open accessNot open

Publication channel open access

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/67098


Abstract

The blue pill is a malicious stealthy hypervisor-based rootkit. The red pill is a software package that is designed to detect such blue pills. Since the blue pill was originally proposed there has been an ongoing arms race between developers that try to develop stealthy hypervisors and developers that try to detect such stealthy hypervisors. Furthermore, hardware advances have made several stealth attempts impossible while other advances enable even more stealthy operation. In this paper we describe the current status of detecting stealth hypervisors and methods to counter them.


Keywordsvirtualisationforensic criminal investigationdata securitycyber securitycyber crimecyber attacksdata break-in

Free keywordsvirtualization, forensics, information security


Contributing organizations


Ministry reportingYes

Reporting Year2019

JUFO rating1


Last updated on 2024-11-03 at 14:25