INTRODUCING WINDOWS VISTA SECURITY

Abstract

Windows Vista introduces a number of security enhancements over prior versions of Microsoft Windows (including Windows XP SP2). The new kernel-mode security features in Windows Vista include:
• Driver signing [1]
• PatchGuard [2]
• Kernel-mode code integrity checks [3]
• Optional support for Secure Bootup using a TPM hardware chip [4]
• Restricted user-mode access to \Device\PhysicalMemory [5]
These changes may secure the kernel of Windows Vista 64-bit Edition significantly, even when compared to that of Linux or Mac OS X. The contributions of this paper are (1) a thorough analysis of the kernel-mode security components through reverse engineering and (2) an assessment of potential kernel-mode attacks.