A Technique for Remote Detection of Certain Virtual Machine Monitors

Christopher Jämthagen, Martin Hell, Ben Smeets

Forskningsoutput: Kapitel i bok/rapport/Conference proceedingKapitel samlingsverkPeer review

Sammanfattning

The ability to detect a virtualized environment has both malicious and non-malicious uses. This paper reveals a new exploit and technique that can be used to remotely detect VMware Workstation, VMware Player and VirtualBox. The detection based on this technique can be done completely passively in that there is no need to have access to the remote machine and no network connections are initiated by the verifier. Using only information in the IP packet together with information sent in the user-agent string in an HTTP request, it is shown how to detect that the traffic originates from a guest in VMware Workstation, VMware Player or VirtualBox client. The limitation is that NAT has to be turned on and that the host and guest need to run different operating system families, e.g., Windows/Linux.
Originalspråkengelska
Titel på värdpublikationTrusted Systems
Undertitel på värdpublikationThird International Conference, INTRUST 2011, Beijing, China, November 27-29, 2011, Revised Selected Papers
FörlagSpringer
Sidor129-137
Volym7222
ISBN (elektroniskt)978-3-642-32298-3
ISBN (tryckt)978-3-642-32297-6
DOI
StatusPublished - 2011
EvenemangThe Third International Conference on Trusted Systems, INTRUST 2011 - Beijing
Varaktighet: 2011 nov. 272011 nov. 29

Publikationsserier

NamnLecture Notes in Computer Science
FörlagSpringer
Volym7222
ISSN (tryckt)0302-9743
ISSN (elektroniskt)1611-3349

Konferens

KonferensThe Third International Conference on Trusted Systems, INTRUST 2011
Period2011/11/272011/11/29

Ämnesklassifikation (UKÄ)

  • Elektroteknik och elektronik

Fingeravtryck

Utforska forskningsämnen för ”A Technique for Remote Detection of Certain Virtual Machine Monitors”. Tillsammans bildar de ett unikt fingeravtryck.

Citera det här