There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue Pill, her proof-of-concept invisible rootkit, while a team made up of three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her, claiming that there is no "invisible" rootkit and that they were going to present various techniques to detect Blue Pill at the Black Hat conference. Federico Biancuzzi interviewed both sides to learn more. Part 1 of 2.
PART 1: Joanna Rutkowska.
Could you introduce yourself?
Joanna Rutkowska: I'm a security researcher focusing on operating system security research. I'm mostly interested in stealth technology as used by rootkits and covert channels, OS isolation mechanisms and virtualization technology. A few months ago I started my own consulting company, Invisible Things Lab.
Did you see the talk given at Blackhat by Peter Ferrie, Nate Lawson, Thomas Ptacek? Your reaction?
Joanna Rutkowska: Of course I saw it! This presentation promised to definitively solve the problem of virtualization-based malware. The authors went so far as to actually announce that "the virtualized rootkit is dead". No wonder it was one of the most anticipated talks at Black Hat this year...
Unfortunately, the authors failed to prove their claims, and all they presented was just a bunch of hacks for detecting virtualization, but not virtualization-based malware.
As hardware virtualization technology gets more and more widespread, many machines will be running with virtualization mode enabled, no matter whether "bluepilled" or not. In that case blue pill-like malware doesn't need to pretend that virtualization is not enabled, as it's actually expected that virtualization is being used for some legitimate purpose. In that case, using a "blue pill detector", which is in fact just a generic virtualization detector, is pointless.
During our presentation (I co-presented with Alex Tereshkin, who works with me and who wrote most of the New Blue Pill's code) we also showed that even the virtualization detection methods they (and some other researchers) presented were not reliable and needed some improvements. I discussed the problems with TLB profiling, which was one of the key methods used by the "blue pill dead" announcers. I explained how we need to take extra care (e.g. to avoid collisions in the data L1 cache). None of the researchers who discussed TLB profiling methods before touched this subject, which suggested that they never actually tested their methods on AMD processors.
Needless to say, we also published an improved version of the TLB profiler, which was reliable and could be used for SVM mode detection. But again, this is still not a good blue pill detection approach, as it only tells you about virtualization mode being enabled, not about the actual malware. So, in any case where you're already using some legitimate hardware virtualization application, this detector is useless.
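The TLB profiling method and the L1 data cache caveat discussed in the answer above, as an added example that is not Rutkowska's, Tereshkin's or the Black Hat authors' code. The idea is to load the translations of a set of pages into the DTLB, time one load per page, force a VM exit (CPUID always exits under VT-x; under SVM its interception is optional, which is the weakness noted later in the interview), and time the loads again: entries that a hypervisor flushed on the exit show up as slower accesses. The caveat is that if every page is probed at the same page offset, all probe lines map to the same L1D set and evict each other after a handful of pages, so the second timing pass measures L1 misses rather than TLB misses; spreading the probe offsets across sets avoids that. The L1D geometry (32 KiB, 8-way, 64-byte lines, hence 64 sets indexed by address bits 6 to 11), the 200-cycle threshold and the constant 0x100000 used as a sample base address are assumptions for illustration and must be calibrated on the machine under test. Remember the interview's own point: a positive result only says a hypervisor is present, not whether it is malicious.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>      /* __cpuid (GCC/Clang) */
#include <x86intrin.h>  /* __rdtscp (GCC/Clang) */
#define HAVE_X86 1
#else
#define HAVE_X86 0      /* elsewhere only the cache-layout helpers are meaningful */
#endif

#define PAGE_SIZE 4096u
#define LINE_SIZE 64u
#define L1_SETS   64u   /* assumed L1D geometry: 32 KiB, 8-way, 64-byte lines -> 64 sets */

static volatile unsigned char sink;   /* keeps the probe loads from being optimised away */

/* L1D set that the cache line at this address maps to: for the assumed geometry
 * the set index is address bits 6..11, which lie entirely within the page offset. */
unsigned l1_set_index(uintptr_t addr) {
    return (unsigned)((addr / LINE_SIZE) % L1_SETS);
}

/* Offset inside page i at which its probe line is placed. spread=0 reproduces the
 * naive profiler (every page probed at offset 0, so all probe lines compete for one
 * L1D set); spread=1 gives each page its own set. */
uintptr_t probe_offset(unsigned page_index, int spread) {
    return spread ? (uintptr_t)((page_index % L1_SETS) * LINE_SIZE) : 0;
}

/* Number of distinct L1D sets occupied by the probe lines of npages pages. */
unsigned distinct_l1_sets(uintptr_t base, unsigned npages, int spread) {
    unsigned char seen[L1_SETS] = {0};
    unsigned count = 0;
    for (unsigned i = 0; i < npages; i++) {
        unsigned s = l1_set_index(base + (uintptr_t)i * PAGE_SIZE + probe_offset(i, spread));
        if (!seen[s]) { seen[s] = 1; count++; }
    }
    return count;
}

/* Cycles taken by one byte load at addr (0 on non-x86 builds). */
static uint64_t timed_read(uintptr_t addr) {
#if HAVE_X86
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    sink = *(volatile unsigned char *)addr;
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
#else
    (void)addr;
    return 0;
#endif
}

/* CPUID unconditionally exits to the hypervisor under VT-x; an SVM hypervisor may
 * choose not to intercept it, so the probe is weaker on AMD. */
static void force_vm_exit(void) {
#if HAVE_X86
    unsigned a = 0, b = 0, c = 0, d = 0;
    __cpuid(0, a, b, c, d);
    (void)a; (void)b; (void)c; (void)d;
#endif
}

/* Returns how many of npages (<= 64) probe pages became slower than slow_threshold
 * cycles after the forced exit, i.e. how many DTLB entries apparently did not survive it. */
unsigned tlb_profile(unsigned npages, uint64_t slow_threshold, int spread) {
    if (npages > L1_SETS) npages = L1_SETS;
    unsigned char *raw = malloc((size_t)(npages + 1) * PAGE_SIZE);
    if (!raw) return 0;
    uintptr_t base = ((uintptr_t)raw + PAGE_SIZE - 1) & ~(uintptr_t)(PAGE_SIZE - 1);
    uint64_t before[L1_SETS], after[L1_SETS];

    /* Warm up: each page's translation enters the DTLB and its probe line enters L1D. */
    for (unsigned i = 0; i < npages; i++)
        sink = *(volatile unsigned char *)(base + (uintptr_t)i * PAGE_SIZE + probe_offset(i, spread));
    for (unsigned i = 0; i < npages; i++)
        before[i] = timed_read(base + (uintptr_t)i * PAGE_SIZE + probe_offset(i, spread));

    force_vm_exit();

    for (unsigned i = 0; i < npages; i++)
        after[i] = timed_read(base + (uintptr_t)i * PAGE_SIZE + probe_offset(i, spread));

    unsigned slow = 0;
    for (unsigned i = 0; i < npages; i++)
        if (after[i] > before[i] + slow_threshold) slow++;
    free(raw);
    return slow;
}

int main(void) {
    /* 200 cycles is a constructed threshold; calibrate it against a known-bare machine. */
    unsigned slow = tlb_profile(32, 200, 1);
    printf("%u of 32 probe pages slowed down after CPUID\n", slow);
    printf("same-offset probes share %u L1D set(s); spread probes use %u\n",
           distinct_l1_sets(0x100000, 32, 0), distinct_l1_sets(0x100000, 32, 1));
    return 0;
}
```

Run it with `spread=0` and `spread=1` on the same machine to see the caveat directly: with the naive layout the "slow" count rises as soon as more than 8 pages are probed, hypervisor or not, because the probe lines themselves fall out of L1D.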
What makes you believe that we can build a 100% invisible rootkit?
Joanna Rutkowska: The "100% undetectability" phrase applies to practical detection, as even last year we knew some methods that could be used for detecting unexpected hypervisors. A year has passed and we still don't have any good method for virtualization malware detection, and I don't believe we could have any without help from hardware.
Let's say that building a 100% invisible system is possible. This means that anyone could use it to do legal (hidden auditing, honeypots, HIDS) or illegal things without being detected. If we are sure it's completely undetectable, would giving it away on the internet be ethically acceptable? That would mean giving away a sort of "invincible weapon", no?
Joanna Rutkowska: That would depend on the scenario. It will probably be possible to detect the presence of a hypervisor (using various tricks), so in cases where we would expect that there should not be a hypervisor present (as in most cases today, but in far fewer situations in the future), we would be able to detect that something is not OK.
Consider a honeypot for example. Today, if we built a honeypot using hardware virtualization, then, taking into account that very few servers in the wild are virtualized using VT-x or SVM technology, it might be possible for an attacker to find out that the server is suspicious. However, in the coming months we expect more and more servers to be virtualized using VT-x/SVM, in which case, both the normal servers and honeypots would be virtualized. The fact that an attacker detects the server is under the control of a hypervisor would not be useful, as most servers would be expected to be virtualized anyway.
Another trend is to use virtualization technology to increase desktop security by isolating applications from each other (e.g. a user might have a dedicated VM for "unsafe" browsing, yet another machine for "IM-ing", etc.). Again, in such a scenario it's expected that the virtualization mode is enabled, so blue pill-like malware can simply sit above all those applications (thanks to nested hypervisor support) and control the OS, but doesn't need to bother pretending that virtualization is not being used, as it's actually expected that virtualization is being used. Again, detecting the presence of a virtualization mode is pretty useless.
I guess we can say that virtualization is always detectable, so should the new focus be how we can distinguish a legitimate hypervisor from Blue Pill?
Joanna Rutkowska: Virtualization is always detectable, but we don't have any good, robust documented method to do that -- all we have (and will have) is a bunch of more or less complex hacks.
For example, I showed that the methods presented by Ptacek, Ferrie and Lawson during their Black Hat talk were either easy to defeat or immature and unstable.
Distinguishing legitimate virtualization from malicious virtualization sounds logically like the next step, but I somehow don't see any good methods we could use to do that effectively.
I don't believe we can solve this problem without the help from hardware. But I still don't know how we should do it really.
From a security standpoint, do you see any difference between the virtualization features included in AMD and Intel CPUs?
Joanna Rutkowska: The AMD SVM technology is a bit richer than the current Intel VT-x implementation, which also allows malware authors a bit more freedom (e.g. on SVM they are not obliged to intercept the CPUID instruction).
On the other hand AMD SVM contains several interesting features that might be used for better system protection (e.g. External Access Protection (EAP) and SKINIT instruction). But I know that similar technologies are to be introduced in the upcoming Intel processors as well.
All in all - both technologies seem to be similar from the security point of view (at least at the design level) and both are vulnerable to similar threats, like virtualization based malware.