Debug register rootkits: A study of malicious use of the IA-32 debug registers
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2012 (English)
Independent thesis Basic level (degree of Bachelor), Student thesis
Alternative title
Debug Registers Rootkits : En studie av illasinnad användning av IA-32 debug register (Swedish)
Abstract [en]

The debug register rootkit is a special type of rootkit that has existed for over a decade, and is said to be undetectable by any scanning tools. It exploits the debug registers in Intel’s IA-32 processor architecture. This paper investigates the debug register rootkit to find out why it is considered a threat, and which malware removal tools have implemented detection algorithms against this threat. By implementing and running a debug register rootkit against the most popular Linux tools, new conclusions about the protection of the Linux system can be reached. Recently, debug register rootkits were found on Windows as well. This project intends to bring knowledge about the problem and investigate if there are any threats. Our study has shown that, even after 12 years, the most popular tools for the Linux operating system have not implemented any detection algorithms against this threat. The security industry may need to prepare for this threat in case it spreads further.

Place, publisher, year, edition, pages
2012. p. 37
Keywords [en]
Debug register, rootkit, IA-32, memory forging, Linux
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-3609
Local ID: oai:bth.se:arkivex3B5B1F25581D1001C1257A23006B5530
OAI: oai:DiVA.org:bth-3609
DiVA, id: diva2:830919
Uppsok
Technology
Supervisors
Available from: 2015-04-22. Created: 2012-06-20. Last updated: 2018-01-11. Bibliographically approved.

Open Access in DiVA

fulltext (1176 kB), 876 downloads
File information
File name: FULLTEXT01.pdf
File size: 1176 kB
Checksum SHA-512:
a1638249e174010eb9f954af929be0c600718a6da070b67941c6d596b1733f06baccc6c4900aa94d6d0d013cd13c73186032a49e5cff85073bbedd8ad516d042
Type: fulltext
Mimetype: application/pdf
