Inlämning av Examensarbete / Submission of Thesis

Emil Persson; Joel Mattsson , pp. 31. COM/School of Computing, 2012.

The work

Författare / Author: Emil Persson, Joel Mattsson
Titel / Title: Debug register rootkits - A study of malicious use of the IA-32 debug registers
Abstrakt Abstract:

The debug register rootkit is a special type of rootkit that has existed for over a decade, and is told to be undetectable by any scanning tools. It exploits the debug registers in Intel’s IA-32 processor architecture. This paper investigates the debug register rootkit to find out why it is considered a threat, and which malware removal tools have implemented detection algorithms against this threat. By implementing and running a debug register rootkit against the most popular Linux tools, new conclusions about the protection of the Linux system can be reached.

Recently, debug register rootkits were found on Windows as well. This project intends to bring knowledge about the problem and investigate if there are any threats.

Our study has shown that still after 12 years, the most popular tools for the Linux operating system have not implemented any detection algorithms against this threat. The security industry may need to prepare for this threat in case it is spread further.

Ämnesord / Subject: Datavetenskap - Computer Science\Software Engineering
Säkerhetsteknik - Security Engineering
Nyckelord / Keywords: Debug register, rootkit, IA-32, memory forging, Linux

Publication info

Dokument id / Document id: houn-8x7ctj
Program:/ Programme IT-säkerhet/Security Engineering
Registreringsdatum / Date of registration: 08/15/2012
Uppsatstyp / Type of thesis: C-Uppsats

Context

Handledare / Supervisor: Ewa Osekowska
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: COM/School of Computing

+46 455 38 50 00

Files & Access

Bifogad uppsats fil(er) / Files attached: bth2012persson.pdf (1203 kB, öppnas i nytt fönster)