This presentation, given at RSA 2007 by N. Lawson, presents the evolution of copy protection over the years. The presentation focuses on the central point of protection: asymmetry. Asymmetry is the property that occurs when “forward operation is cheaper than reverse”.
As an illustration, it explains that if creating a copy is more expensive than buying the software, then asymmetry occurs. Of course this never happens for digital media, but if you think about paper books it is quite achieved: ripping a book takes endless hours and costs a lot. In this context most people prefer to buy their own original.
The slide about asymmetry for copy protection is a good summary of existing techniques, and the analysis of Xbox 360 security is very neat. Overall this is a pleasant read that clearly presents the key points of today's copy protection.
N. Lawson is the co-designer of the Blu-ray disc content protection layer and owns root.org.
Get the slides from root.org here or the local copy.
This article is written by K. Kasslin, one of the F-Secure virus experts. It was published in AVAR 2006. This paper analyzes how to execute a virus in Windows XP kernel mode. The core of the article details the key techniques to hook a program into the kernel, namely:
- The use of kernel drivers
- The use of call gates
It also presents how a virus can use kernel-mode support routines to allocate memory, store files on the file system, and modify the registry. This presentation is exemplified by two virus case studies: HaxDoor and Costrat.
This paper is highly technical and requires a good understanding of the Windows kernel. It is well written, and the presentation of known and not so known kernel hooking techniques is well done. I also like the two case studies. They show how each virus protects itself and hides.
However, the reversing of the virus in assembler is very hard to follow. In particular, figure 5 is way too small. The other regret is that this paper does not explain how a virus uses kernel routines to set up a network connection. I know that it is a hard topic, but in this form the paper is not self-contained. Having a long version of this work, or at least a tech report, would have been nice.
In conclusion, this paper gives an insight into what upcoming viruses will look like and helps to understand why it is so hard to detect and remove them. A good paper for anyone interested in viruses.