Week 6 Flashcards
What are virtual machines and what technical support do they rely on?
Running different operating systems on the same machine is virtualisation.
The support comes from:
Software Layer - Hypervisor for virtualising and managing resources
Hardware Layer - Hardware extensions like Intel VT-x for improving performance
What is confinement and what are the levels of it?
Restricting the impact of a compromised component on other components. It can be at the OS level or the process level.
What are the benefits of Virtualisation?
Malware analysis can be performed in a VM
The malware cannot cause damage outside the VM
The behaviour can be observed from the host OS
What are the limitations of Virtualisation?
- The hypervisor increases the attack surface, making it a potential target for attackers
- The hypervisor operates with higher privilege than the OS kernel, so if an attacker compromises it, they can gain full control of the system
- Multiple VMs share the same hardware resources, so performance can be affected
TL;DR: large code base, more privilege, shared hardware resources
What are the challenges of malware analysis with virtualisation?
- It may not run with a Trusted Execution Environment (TEE)
- There may be semantic gaps between high-level activities in the VM and observed low-level behaviours
- Smart malware could figure out that it is running in a VM, not the actual environment