Corpus ID: 198909028

Where am I ? Operating System and Virtualization Identification Without System Calls

  • J. L. Wright
  • Published 2017
  • Operating systems provide a wealth of versioning information via system calls, but suppose one is given control of the instruction pointer and allowed to jump to a provided block of code. Is it possible to identify the operating system and other key configuration details (bit width, virtualization environment, etc.) without resorting to system calls? We show that a host can be fingerprinted without tripping over the easiest and most commonly monitored behavioral characteristics of applications…

    BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments
    • 1
    Detecting Hardware-Assisted Virtualization With Inconspicuous Features
    • 1
    Virtualization detection strategies and their outcomes in public clouds
    • 1


    Publications referenced by this paper.
    QEMU, a Fast and Portable Dynamic Translator
    • 2,227
    Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
    • 325
    Dune: Safe User-level Access to Privileged CPU Features
    • 203
    Jails: confining the omnipotent root
    • 299
    p0f — passive os fingerprinting
    • 2000
    Further Down the VM Spiral: Detection of full and partial emulation for IA-32 virtual machines
    • 2006
    Red Pill... or how to detect VMM using (almost) one CPU instruction
    • 2004
    ScoopyNG - The VMware detection tool
    • 2008
    jerry – A(nother) VMware Fingerprinter
    • 2003