There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof of concept invisible rootkit, while a team made by three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her that there is not an "invisible" rootkit, and that they were going to present at BlackHat conference various techniques to detect Blue-Pill. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
PART 2: Thomas Ptacek and Nate Lawson.
Could you introduce yourself?
Thomas Ptacek: I'm a researcher at Matasano Security, a company I co-founded. I've been a published security researcher for over 10 years. My partners in this project are even more experienced: Nate Lawson found his first SunOS vulnerability in the early '90s, and designed the still-unbroken BD+ scheme that protects Blu-ray discs. Peter Ferrie is a well known antivirus researcher, also with over 10 years of experience. It would be fair to say that Peter's work motivated us to start this project.
Nate Lawson: I am principal at Root Labs. I am currently assisting companies with design and evaluation of solutions involving embedded and kernel security and cryptography. A typical project might be to evaluate and improve a design for an authenticated boot ROM. I'm a FreeBSD committer in my spare time, maintaining the power management (i.e. ACPI) layer.
I'm most interested in designs that provide renewable security, as Tom mentions. The Blu-ray system I co-designed with others at Cryptography Research provides for disc-specific protection code that must be circumvented to descramble a movie.
Did you see the talk given by Joanna at Blackhat? Your reaction?
Thomas Ptacek: All three of us saw Joanna's talk, and I think I speak for the three of us when I say that she did a good job under tough circumstances. Joanna had just hours to respond to the points we raised in our presentation, and had clever answers to many of them. I'm hopeful that if you went to Black Hat and saw both talks, you watched an interesting debate and learned a lot about virtualization.
Researchers at Stanford, VMware, Root Labs, Symantec, Matasano, and Joanna's own former employer COSEINC have all published methods to detect unexpected virtualization. Joanna has rebutted none of them. What she has done is point out the inevitable bugs that occur when code is ported from Intel to AMD chips. She has then fixed those bugs, and proved on stage that they do in fact work.
One thing the industry has learned from the drama at Black Hat is that it is undisputed that software can detect unexpected virtualization.
Regarding "sleep mode". There is no such thing as a "sleep mode" that makes code invisible to a running Microsoft Vista kernel. When Blue Pill "chickens out" and dives out of the hypervisor and back into the kernel, it must leave a backdoor to allow itself back in.
But that begs the question. We asked, "Joanna, if your strategy for dealing with virtualization detectors is to hide in the kernel, why bother virtualizing at all? Obviously you believe your code is more stealthy when it's "chickening out" in the kernel." Joanna responds, "Blue Pill has a really clever way of hiding in the kernel that is hard to detect". We agree. What we're asking is, why bother with virtualization at all?
Finally: the entire history of antivirus and malware detection is one of "tricky hacks". There is no rule book that says defenders must be clever, only that we must win. Sorry, Joanna: using "exotic timers" and "TLB sizing" to detect unexpected virtualization is not what we'd call a "pretty win". But we'll take that win anyway.
One of Joanna's comments was that you can just detect virtualization, not Blue Pill itself. What is your point of view?
Thomas Ptacek: Our research shows that if or when systems ever need to defend against malicious hypervisors, they can do so by searching out signs of unexpected virtualization and unauthorized hypervisors. Joanna is right to say that over the long term, we won't continue to be able to detect Blue Pill "by name", but wrong to suggest that we won't be able to spot unauthorized hypervisors.
Joanna's research over the last year, as well as our research over the last several months, and research from projects at Stanford and Google, all show that it is extraordinarily hard to hide a malicious hypervisor --- probably even harder than hiding conventional malware in the kernel. Joanna has improved Blue Pill in interesting ways, and I'm a fan of her work. But she has not shown that it is feasible to hide a hypervisor in a modern x86 system.
What makes you believe that we can't build a 100% invisible rootkit?
Thomas Ptacek: It's hard to build 100% undetectable rootkits because of a basic dilemma.
A rootkit has two goals: first, to serve the bidding of its master (usually by providing a backdoor entrance to a compromised computer), and second, to hide itself. But anywhere you try to hide a backdoor will leave fingerprints. So rootkit authors and rootkit detectors have been in an arms race over the last ten years, each racing to get closer and closer to the OS kernel and the hardware so they can reprogram it to foil the opposing side.
The problem is, rootkits and detectors aren't on a level playing field. The OS and the hardware are on the detector's side. The closer a rootkit gets to the hardware (say, by virtualizing the whole machine to intercept detectors), the more work it has to do to keep the hardware from betraying it. We call this "cross-section", and if you're a rootkit author, you want to minimize it. Virtualized malware has a much bigger cross-section than conventional malware, because it gets between the running OS and the underlying hardware.
Eventually, the amount of work required to perfectly emulate an entire desktop computer, with all its under-documented exotic chipset features and hardware bugs, becomes intractable for rootkit authors: hard-to-detect rootkits get too expensive to write, and too slow to deploy stealthily.
Now, we're not saying we can easily detect all rootkits today. In the real world, rootkits are a huge pain for security teams to detect. We're just saying, we think we know how this game will end, and it isn't with virtualized rootkits foiling all possible detectors.
What detection techniques did you present at Blackhat?
Thomas Ptacek: Our team had been researching virtualized rootkit detection for over 9 months prior to Black Hat. In that time, working both together and independently, we conceived of several methods of detecting unauthorized hypervisors. We broke our methods down into three categories:
- Side-channel attacks, an idea borrowed from cryptography, which detect the resources (time and memory) that a hypervisor steals from a virtual machine when it is forced to intercept operations the virtual machine requests from the underlying hardware.
- Vantage point attacks, which detect important system functions (like exotic timers) that a hypervisor has failed to virtualize at all.
- Hypervisor bugs, which detect coding mistakes made in a hypervisor.
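The first category above, the timing side channel, is the easiest to make concrete. The program below is an added example written for this page; it is not code from the interview, from Blue Pill, or from the Ptacek/Lawson/Ferrie detection work. It times the CPUID instruction with the TSC, takes the median over many samples, and compares that against a threshold. The threshold value (1000 cycles) and the premise behind it are assumptions stated in the code: CPUID is an instruction that a hypervisor has to intercept, so each execution pays for a VM exit and re-entry that a bare-metal CPU does not. The median rather than the mean is used so that an interrupt landing in one sample cannot decide the verdict on its own.

```c
/*
 * Added example, not code from the interview or the research it describes:
 * a minimal timing side-channel probe for unexpected virtualization.
 * Assumption (constructed, not measured here): on bare metal CPUID costs on
 * the order of a few hundred TSC cycles, while a hypervisor that intercepts
 * it adds the cost of a VM exit and re-entry, typically thousands of cycles.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>      /* __get_cpuid() */
#include <x86intrin.h>  /* __rdtsc() */
#endif

/* Hypothetical threshold in TSC cycles; an assumed value, not a measurement. */
#define ASSUMED_VMEXIT_THRESHOLD 1000u

/* Collect n CPUID round-trip timings; returns samples stored (0 off x86). */
size_t measure_cpuid_cycles(uint64_t *out, size_t n)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    size_t i;
    /* Warm-up so cold caches for the probe itself do not land in the samples. */
    for (i = 0; i < 16; i++)
        __get_cpuid(0, &a, &b, &c, &d);
    for (i = 0; i < n; i++) {
        uint64_t t0 = __rdtsc();
        __get_cpuid(0, &a, &b, &c, &d);  /* the instruction a hypervisor must intercept */
        uint64_t t1 = __rdtsc();
        out[i] = t1 - t0;
    }
    return n;
#else
    (void)out; (void)n;
    return 0;   /* no TSC/CPUID on this architecture; nothing to measure */
#endif
}

static int cmp_u64(const void *x, const void *y)
{
    uint64_t a = *(const uint64_t *)x, b = *(const uint64_t *)y;
    return (a > b) - (a < b);
}

/* Upper median of the samples; works on a copy so the caller's array is untouched.
 * Median rather than mean: a single interrupt-inflated sample must not decide. */
uint64_t median_cycles(const uint64_t *samples, size_t n)
{
    uint64_t *copy, m;
    if (n == 0)
        return 0;
    copy = malloc(n * sizeof *copy);
    if (!copy)
        return 0;
    memcpy(copy, samples, n * sizeof *copy);
    qsort(copy, n, sizeof *copy, cmp_u64);
    m = copy[n / 2];
    free(copy);
    return m;
}

/* 1 when the median CPUID cost exceeds the threshold, 0 otherwise, -1 with no data. */
int looks_virtualized(const uint64_t *samples, size_t n, uint64_t threshold)
{
    if (n == 0)
        return -1;
    return median_cycles(samples, n) > threshold ? 1 : 0;
}

int main(void)
{
    uint64_t samples[256];
    size_t n = measure_cpuid_cycles(samples, sizeof samples / sizeof samples[0]);
    int verdict = looks_virtualized(samples, n, ASSUMED_VMEXIT_THRESHOLD);
    if (verdict < 0) {
        puts("no x86 TSC available in this build; nothing measured");
        return 0;
    }
    printf("median CPUID cost: %llu cycles -> %s\n",
           (unsigned long long)median_cycles(samples, n),
           verdict ? "unexpected virtualization suspected" : "no sign of interception");
    return 0;
}
```

A probe this simple is also a good illustration of the arms race the interview describes: a hypervisor that adjusts the guest's view of the TSC can flatten the CPUID cost back to a bare-metal figure, which is why the detectors discussed above reach for "exotic timers" and other references the hypervisor has not virtualized, and why the threshold should be calibrated against a known-good baseline for the machine rather than hard-coded as it is here.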