Phoenix Partners With Rutkowska in Securing Hypervisor

New ultra-thin hypervisor will benefit from further Blue Pill research

Dark Reading logo in a gray background | Dark Reading

Phoenix Technologies has teamed up with researcher and stealth malware expert Joanna Rutkowska and her company, Invisible Things Lab, to help secure an ultra-thin hypervisor that the firmware company is currently building. The company also plans to support further development of Rutkowska's famed Blue Pill virtualized rootkit prototype -- for thin hypervisor research. (See Blue Pill Gets a Refill.)

Rutkowska, founder of Invisible Things Lab, says the problem with most hypervisors today is that they are too large, which leaves them open to complexity, and therefore, vulnerabilities. "We should make sure our VMMs (hypervisors) are as thin as possible. Today, that's not the case. They're too big, almost like conventional OSes," she says.

Phoenix's new, slimmed-down hypervisor technology aims to make that footprint smaller, and will run embedded operating systems within its virtual machines. According to a Phoenix slide presentation to investors, the hypervisor's architecture is resistant to rootkits.

The first iteration of HyperCore will provide two operating systems -- one Vista-like OS and another small, custom, secure OS developed by Phoenix, according to Rutkowska.

"The user will be able to switch between those OSes on the fly, using special key combination," she says. That way, a user could use the hardened, smaller OS to do online banking transactions, for instance, she says.

Phoenix officials declined to comment on the as-yet unannounced product.

"Phoenix is in a unique position -- they are one of the biggest BIOS providers for all those PCs around the world," Rutkowska says. "The HyperCore hypervisor will be loaded from within BIOS, before any other OS. This gives unprecedented possibilities, both from a security and a usability point of view."

And Phoenix plans to leverage Invisible Things Lab's Blue Pill technology. "Phoenix would like to use our experience with thin hypervisors -- Blue Pill is a very thin hypervisor -- to make sure that their product will be secure and effective," Rutkowska says.

Rutkowska says Phoenix will support further research on Blue Pill, and will use it as a testbed for trying out new features for HyperCore, such as so-called "nested" virtualization (think Blue Pill within a Blue Pill). (See Blue Pill Gets a Refill and Hacker Smackdown.)

"Blue Pill should be understood as a research project into virtualization technology, not malware," she says. "Malware is just one application."

Rutkowska, who will speak at the upcoming SecTor security conference in Toronto, expects the new Blue Pill research, including code, to be made available to other researchers.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2007

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights