Trace cache: a low latency approach to high bandwidth instruction fetching
Proceedings of the 29th annual ACM/IEEE international symposium on Microarchitecture
Formal requirements for virtualizable third generation architectures
Communications of the ACM
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Scalability, fidelity, and containment in the potemkin virtual honeyfarm
Proceedings of the twentieth ACM symposium on Operating systems principles
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Virtual playgrounds for worm behavior investigation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Emulating emulation-resistant malware
Proceedings of the 1st ACM workshop on Virtual machine security
Application-level reconnaissance: timing channel attacks against antivirus software
LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
A technique for remote detection of certain virtual machine monitors
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
A survey of security issues in hardware virtualization
ACM Computing Surveys (CSUR)
VMM detection using privilege rings and benchmark execution times
International Journal of Communication Networks and Distributed Systems
Hi-index | 0.00 |
We study the remote detection of virtual machine monitors (VMMs) across the Internet, and devise fuzzy benchmarking as an approach that can successfully detect the presence or absence of a VMM on a remote system. Fuzzy benchmarking works by making timing measurements of the execution time of particular code sequences executing on the remote system. The fuzziness comes from heuristics which we employ to learn characteristics of the remote system's hardware and VMM configuration. Our techniques are successful despite uncertainty about the remote machine's hardware configuration.