IT Security: Going Three Levels Beyond Kernel Rootkit
Alan Dang
Dr. Alan Dang, by day (and most nights), is an orthopedic spine surgeon. In his spare time, he is a veteran technology analyst with almost fifteen years of experience and is currently a special adviser and consulting editor with Tom's Hardware. He has particular expertise in computing security and everything related to The Cloud.
This article originally appeared on Tom’s Hardware.
We have the pleasure of chatting with Joanna Rutkowska, one of the top computing security innovators in the world. She is the founder and CEO of Invisible Things Lab (ITL), a boutique computer security consulting and research firm.
Alan: Joanna, thanks for taking the time to chat. Let's start with the basics for our readers. You've carved out a niche in the security world with your expertise on stealthy attacks, such as rootkits, and more recently by exposing vulnerabilities with virtual machines and low-level hardware. But before we go into all of this, why don't you tell us a little bit about yourself?
Joanna: I'm a researcher focusing on system-level security issues like the kernel, hypervisor, chipset, etc. Researcher--not a bug hunter or a pen-tester. I'm more interested in fundamental problems rather than specific bugs affecting specific user software. For example, can the OS/platform provide any security to the user, despite its apps such as Adobe Reader or IE being potentially compromised? I believe in “Security by Isolation.”
Business-wise, I'm a founder and director of Invisible Things Lab (ITL), a boutique security research and consulting firm. I'm very proud of the team I managed to create at ITL, which includes Alexander Tereshkin and Rafal Wojtczuk, who are two of the most skilled researchers in the field of system-level security.
Recently, I've been becoming less and less of a "debugger-attached-researcher," gravitating towards a higher-level role, which is needed to supervise the work done by my team. I enjoy this new role of a director a lot, in fact.
Alan: It’s good to be the boss. How did you get started in security research?
Joanna: That was so long ago that I don't remember now. ;)
Alan: Easier question then. What was your first computer and first computing memory? Mine’s a TI-99/4A, playing Parsec and Alpiner. I can still remember typing “OLD DSK1” as a three-year-old.
Joanna: It was a PC/AT 286 running at a blazing speed of some 16MHz, if I remember correctly, and also having 2MB of RAM (I think that all was after a motherboard upgrade though). I was 11 when I started playing with it, and almost immediately started my adventure with GW-BASIC, and then after a year or so I switched to Borland’s Turbo Basic--that was really a killer, with its beautiful GUI and ability to actually build executables!
Alan: What’s a typical week at the office like?
Joanna: We're proud to be a truly modern company. We don't have any physical offices. Everybody works from home and we exchange all the stuff via encrypted email. There is no such thing as 9-to-5 work hours here. The work we do requires lots of creativity, and it would be silly to enforce any strict working hours.
For me personally, it’s especially important to take a nap during the afternoon. I cannot actually function too long without a decent amount of sleep. I have actually never worked a single day in an office.
Alan: (laughs) So who’s the typical ITL customer?
Joanna: We direct our services primarily to system-level vendors.
Alan: So, the likes of BIOS manufacturers and individual corporations looking for a secure computing environment?
Joanna: I would stress the word vendors here, as we really are interested in being able to affect the technology. In my opinion the only rationale behind doing offensive research is to provide constructive criticism and change or improve the technology we have now. As such, ideally, we would like to work with both hardware (CPU/chipset) and software (BIOS/OS) vendors, as some of the cool new hardware technologies can be fully engaged only with the system software that is properly designed.
Alan: What's the configuration of your primary system?
Joanna: My primary desktop machine is an eight-core Mac Pro (2 x 2.8 GHz Intel Xeon) with 16 GB of DRAM and with a gorgeous 30" Apple monitor. It's the most beautiful desktop machine I've ever had--both when it comes to its aesthetics as well as GUI experience.
I also use a rather old black MacBook (Santa Rosa, Core 2 Duo 2.2 GHz, 4 GB of DRAM) as my general-purpose laptop. I've been postponing buying a new unibody sexy MacBook Pro because up until recently they have not supported more than 4 GB of DRAM (at least the 15" versions, which I prefer) which I've found discouraging.
I can still see the weak point of the Mac hardware though: the lack of TPM, TXT, VT-d, and the OS X system. I try to get around some of the limitations of the OS with virtualization.
I also use a number of PC-based hardware, both laptops and desktops. It strikes me how ugly most of the PC laptops are compared to Apple’s products, though. One exception being the Voodoo Envy 133--I just wish it came with a newer chipset, so I could rationalize the decision to buy it. ;)
Alan: I’ve been running two generations of 13” unibody MacBooks now. The 9400M is perfect and the Li-polymer battery in the new one is absolutely amazing. Flying across the US with in-flight Wi-Fi while on a single charge is an epiphany.
Joanna: Our conversation is becoming an Apple ad I guess. Maybe somebody at One Infinite Loop reads it and sends me a new 15” MacBook Pro in return?
Alan: Last of the intro questions: what’s your favorite non-tech hobby?
Joanna: A non-tech hobby? Hmm, you mean programming an autonomous hexapod robot with a brain based on two 8-bit AVR microcontrollers doesn't count?