Below is a list of select papers and projects I have authored (or co-authored) over the past ~10 years, sorted by topic, and in inverse chronoloigical order.

Qubes OS and Security through Compartmentalization (defensive work)

  • Qubes OS (generally), 2010-2015, website
  • Software compartmentalization vs. physical separation, 2014, paper
  • Converting untrusted PDFs into trusted ones: The Qubes Way, 2013, post
  • Playing with Qubes Networking for Fun and Profit, 2011, post
  • Anti Evil Maid, 2011, post, code
  • USB Security Challenges, 2011, post
  • Disposable VMs, 2010, post
  • Qubes OS Architecture, 2010, paper
  • Running Vista Every Day! (Poorman’s compartmentalization on MS Windows), 2006, article

Trusted Computing & Virtualization (attacks mostly)

  • Exploring new lands on Intel CPUs (SINIT code execution hijacking), 2011, post, paper
  • Following the White Rabbit: Software Attacks Against Intel VT-d, 2011, paper
  • Another Way to Circumvent Intel® Trusted Execution Technology, 2009, paper
  • Virtualization (In)Security Traning at Black Hat, 2009, agenda
  • Attacking Intel® Trusted Execution Technology, 2009, paper, post
  • Bluepilling the Xen Hypervisor, 2008, slides, post
  • Detecting & Preventing the Xen Hypervisor Subversions, 2008, slides post
  • Security Challenges in Virtualized Environments, 2008, slides

Rootkits and Stealth Malware (offensive and defensive work)

  • Evil Maid goes after TrueCrypt!, 2009, post, poc
  • Attacking SMM Memory via Intel® CPU Cache Poisoning, 2009, paper,
  • Understanding Stealth Malware Training at Black Hat, 2007, post
  • Beyond The CPU: Cheating Hardware Based RAM Forensics, 2007, paper, post
  • IsGameOver() Anyone?, 2007, slides
  • Subverting Vista Kernel for Fun and Profit (incl. introduction of Blue Pill), post, slides
  • Introducing Stealth Malware Taxonomy, 2006, post, paper
  • Rootkit Hunting vs. Compromise Detection, 2006, slides
  • System Virginity Verifier, 2005, slides
  • Cross-view detection thoughts, 2005, article
  • Implementation of Passive Covert Channels in the Linux Kernel (NUSHU), 2004, paper, slides
  • redpill… or how to detect VMM using (almost) one CPU instruction, 2004, paper
  • Concepts for the Stealth Windows Rootkit (The Chameleon Project), 2003, paper