Joanna Rutkowska
Joanna Rutkowska | |
---|---|
Evil Maid attack, Qubes OS | |
Website | blog |
Joanna Rutkowska (born 1981 in
Career
She became known in the security community after the Black Hat Briefings conference in Las Vegas in August 2006, where Rutkowska presented an attack against Vista kernel protection mechanism, and also a technique dubbed Blue Pill, that used hardware virtualization to move a running OS into a virtual machine. Subsequently, she has been named one of Five Hackers who Put a Mark on 2006 by eWeek Magazine for her research on the topic.[3] The original concept of Blue Pill was published by another researcher at IEEE Oakland in May 2006 under the name VMBR.[4]
During the following years, Rutkowska continued to focus on low-level security. In 2007 she demonstrated that certain types of hardware-based memory acquisition (e.g.
In April 2007, Rutkowska founded Invisible Things Lab in Warsaw, Poland. The company focuses on OS and VMM security research and provides various consulting services. In a 2009 blog post she coined the term "evil maid attack", detailing a method for accessing encrypted data on disk by compromising the firmware via an external USB flash drive.[9]
In 2010, she and Rafal Wojtczuk began working on the
She has published seminal works on systems trustability, most recently Intel x86 Considered Harmful[13] and State Considered Harmful - A Proposal for a Stateless Laptop.[14] Rutkowska has been invited as an esteemed presenter at security conferences, such as Chaos Communication Congress, Black Hat Briefings, HITB, RSA Conference, RISK, EuSecWest & Gartner IT Security Summit.
References
- ^ "About". Invisible Things Lab. Archived from the original on 6 June 2016. Retrieved 12 June 2016.
- ^ Porup, J. M. (5 October 2015). "Finally, a 'Reasonably-Secure' Operating System: Qubes R3". Vice: Motherboard. Retrieved 20 November 2017.
'Security by Isolation,' as Qubes founder Joanna Rutkowska puts it.
- ^ Naraine, Ryan (2 January 2007). "Five Hackers Who Left a Mark on 2006". eWeek. Retrieved 11 June 2016.
- S2CID 1349303.
- ^ Rutkowska, Joanna (28 February 2007). Beyond The CPU: Defeating Hardware Based RAM Acquisition (PDF). Black Hat DC. Washington, D.C.
- ^ Rutkowska, Joanna; Tereshkin, Alexander (8 February 2007). IsGameOver(), anyone? (PDF). Black Hat USA. Las Vegas, Nevada.
- ^ Walker-Morgan, Dj (12 August 2008). "Xen virtualisation swallows a "Blue Pill"". The H. Archived from the original on 8 December 2013.
- ^ Attacking Intel Trusted Execution Technology
- ^ Rutkowska, Joanna (16 October 2009). "The Invisible Things Lab's blog: Evil Maid goes after TrueCrypt!". The Invisible Things Lab's blog. Retrieved 30 October 2018.
- ^ "Introducing Qubes 1.0!". blog.invisiblethings.org. Retrieved 1 February 2017.
- ^ @Snowden (29 September 2016). "If you're serious about security, @QubesOS is the best OS available today. It's what I use, and free. Nobody does VM isolation better" (Tweet) – via Twitter.
- ^ @hashbreaker (15 March 2015). "Happy thought of the day: An attacker who merely finds a browser bug can't listen to my microphone except when I've told Qubes to enable it" (Tweet) – via Twitter.
- ^ Rutkowska, Joanna (October 2015). "Intel x86 considered harmful" (PDF). The Invisible Things. Retrieved 12 June 2016.
- ^ Rutkowska, Joanna (December 2015). "State Considered Harmful - A Proposal for a Stateless Laptop" (PDF). The Invisible Things. Retrieved 12 June 2016.