VMM detection using privilege rings and benchmark execution times. (1st January 2013)
- Record Type:
- Journal Article
- Title:
- VMM detection using privilege rings and benchmark execution times. (1st January 2013)
- Main Title:
- VMM detection using privilege rings and benchmark execution times
- Authors:
- Sharifi, Mohsen
Salimi, Hadi
Saberi, Alireza
Gharibshah, Joobin - Abstract:
- This paper proposes two complementary virtual machine monitor (VMM) detection methods. These methods can be used to detect any VMM that is designed for ×86 architecture. The first method works by finding probable discrepancies in hardware privilege levels of the guest operating system's kernel on which user applications run. The second method works by measuring the execution times of a set of benchmark programmes and comparing them with the stored execution times of the same programmes previously ran on a trusted physical machine. Unlike other methods, our proportional execution time technique could not be easily thwarted by VMMs. In addition, using proportional execution times, there is no need for a trusted external source of time during detection. It is shown experimentally that the deployment of both methods together can detect the existence of four renowned VMMs, namely, Xen, VirtualBox, VMware, and Parallels, on both types of processors that support virtualisation technology (VT-enabled) or do not support it (VT-disabled).
- Is Part Of:
- International journal of communication networks and distributed systems. Volume 11:Number 3(2013)
- Journal:
- International journal of communication networks and distributed systems
- Issue:
- Volume 11:Number 3(2013)
- Issue Display:
- Volume 11, Issue 3 (2013)
- Year:
- 2013
- Volume:
- 11
- Issue:
- 3
- Issue Sort Value:
- 2013-0011-0003-0000
- Page Start:
- 310
- Page End:
- 326
- Publication Date:
- 2013-01-01
- Subjects:
- VMM detection -- virtualisation technology -- VT -- security -- malware detection -- cloud -- distributed system -- operating system -- kernel
Computer networks -- Periodicals
Telecommunication systems -- Periodicals
Electronic data processing -- Distributed processing -- Periodicals
004.6 - Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijcnds ↗
http://www.inderscience.com/ ↗ - Languages:
- English
- ISSNs:
- 1754-3916
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8428.xml