Remote detection of virtual machine monitors with fuzzy benchmarking

Authors:
Jason Franklin;Mark Luk;Jonathan M. McCune;Arvind Seshadri;Adrian Perrig;Leendert van Doorn
Affiliations:
Carnegie Mellon University;Carnegie Mellon University;Carnegie Mellon University;Carnegie Mellon University;Carnegie Mellon University;Advanced Micro Devices
Venue:
ACM SIGOPS Operating Systems Review
Year:
2008

Citing 12
Cited 6

Trace cache: a low latency approach to high bandwidth instruction fetching

Proceedings of the 29th annual ACM/IEEE international symposium on Microarchitecture
Formal requirements for virtualizable third generation architectures

Communications of the ACM
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
Remote Physical Device Fingerprinting

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

Proceedings of the twentieth ACM symposium on Operating systems principles
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
SubVirt: Implementing malware with virtual machines

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Data lifetime is a systems problem

Proceedings of the 11th workshop on ACM SIGOPS European workshop
A comparison of software and hardware techniques for x86 virtualization

Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Understanding data lifetime via whole system simulation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Virtual playgrounds for worm behavior investigation

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Emulating emulation-resistant malware

Proceedings of the 1st ACM workshop on Virtual machine security
Application-level reconnaissance: timing channel attacks against antivirus software

LEET'11 Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats
A technique for remote detection of certain virtual machine monitors

INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Virtualization: Issues, security threats, and solutions

ACM Computing Surveys (CSUR)
A survey of security issues in hardware virtualization

ACM Computing Surveys (CSUR)
VMM detection using privilege rings and benchmark execution times

International Journal of Communication Networks and Distributed Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the remote detection of virtual machine monitors (VMMs) across the Internet, and devise fuzzy benchmarking as an approach that can successfully detect the presence or absence of a VMM on a remote system. Fuzzy benchmarking works by making timing measurements of the execution time of particular code sequences executing on the remote system. The fuzziness comes from heuristics which we employ to learn characteristics of the remote system's hardware and VMM configuration. Our techniques are successful despite uncertainty about the remote machine's hardware configuration.