Teamwork Crediting

As technology is getting more and more complex, security research, especially offensive security research on a system level, is becoming more and more difficult to be done by one person. NX/XD, ASLR, various StackGuard-like things, VT-d, TXT, etc... - all those technologies leave less and less space for the interesting system-level attacks. On the other hand, the widespread "deployment" of Web 2.0 creates a whole new area to explore, but that is a whole different world (plus there are still all those "human factor" attacks that exploit user stupidity, but again, this is a different area).


Our Xen 0wning Trilogy is a good example of how a team of researchers can still come up with interesting new system-level attacks against a very modern and securely designed system. Take XenBluePill as an example.


It first took months of research and coding done by Alex and myself to support nested hardware virtualization on AMD. Then there were months of Rafal's research about how to load code into the running Xen on the fly ("Xen Loadable Modules"). That required the ability to access Xen's memory in the first place, and Rafal's way of doing that was to use the DMA attack. But then it turned out that Xen 3.3 uses VT-d protection to protect against this very kind of attack. So then I came up with the "Q35 attack" that exploited a problem with recent Intel BIOSes on recent motherboards (details are coming this week). But I based my attack on a similar SMM attack that Rafal came up with a few months earlier on a different chipset, when he was looking into ways to compromise the SMM handler, as we started thinking about the HyperGuard project back then and Rafal was curious how secure the SMM protection is. In the meantime, Alex "converted" our working New Blue Pill, which had full support for nested virtualization but was essentially a Windows driver, into a piece of code that was completely OS-independent (own memory management, etc.). Then I finally took Rafal's XLM framework, added a few minor things that were necessary to load our "Windows-independent Windows driver" into Xen using XLM, fixed some minor stuff and... it finally worked! But that was possible only because of the joint work by all three people together.


So, it is simply unfair to attribute all the glory and fame for our research to "Rutkowska" or "Rutkowska and team", as many news portals did. Please don't forget to credit all the co-authors! If you really would like to use a generic term, then "Invisible Things Lab team" would probably serve better.


Speaking of our team, I also have an announcement: starting this month our team has officially been extended by yet another person: Rong Fan from Beijing, China.


Rong is a software engineer, focusing on Intel's hardware virtualization technology (VT). A few months ago he wrote to me with some advanced questions regarding the implementation of our New BluePill that we published after last year's Black Hat. It turned out that Rong, as part of his after-hours activity, was porting BluePill to VT-x. After he succeeded, we decided to share our nested virtualization code for AMD with him so that he could research how to do it on VT-x. And about 2 months ago Rong succeeded in implementing full nested virtualization support for our NBP on Intel VT-x! During that time Rong has had an opportunity to find out that working with ITL is quite fun, so he decided to quit his job at Lenovo and joined ITL full time. Right now Rong is busy adding nested VT-x support to a standard Xen hypervisor.


So, Invisible Things Lab is all about the team work. The whole idea behind ITL is to gather together a bunch of smart people, so that we could all work on the most exciting problems together. Problems that might be too complex or time-consuming for just one person to solve. But it takes more than just money to get people to be creative and devote themselves to work. Getting recognition is one of the other factors often needed. That's why ITL is not interested in "hiding" its employees, but rather in promoting their work and fairly crediting them.