This paper proposes two complementary virtual machine monitor (VMM) detection methods. These methods can be used to detect any VMM that is designed for the x86 architecture. The first method works by finding probable discrepancies in hardware privilege levels of the guest operating system's kernel on which user applications run. The second method works by measuring the execution times of a set of benchmark programs and comparing them with the stored execution times of the same programs previously run on a trusted physical machine. Unlike other methods, our proportional execution time technique could not be easily thwarted by VMMs. In addition, using proportional execution times, there is no need for a trusted external source of time during detection. It is shown experimentally that the deployment of both methods together can detect the existence of four renowned VMMs, namely, Xen, VirtualBox, VMware, and Parallels, on both types of processors: those that support virtualisation technology (VT-enabled) and those that do not support it (VT-disabled).