Corpus ID: 198909028

Where am I ? Operating System and Virtualization Identification Without System Calls

@inproceedings{Wright2017WhereAI,
  title={Where am I ? Operating System and Virtualization Identification Without System Calls},
  author={J. L. Wright},
  year={2017}
}

Published 2017

Operating systems provide a wealth of versioning information via system calls, but suppose one is given control of the instruction pointer and allowed to jump to a provided block of code. Is it possible to identify the operating system and other key conguration details (bit width, virtualization environment, etc.) without resorting to system calls? We show that a host can be ngerprinted without tripping over the easiest and most commonly monitored behavioral characteristics of applications… CONTINUE READING

Share This Paper

Top 3 of 4 Citations

BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments

L. Yan, B. Price, … C. Wood2018 IEEE Cybersecurity Development (SecDev)2018

Detecting Hardware-Assisted Virtualization With Inconspicuous Features

Zhi Zhang, Yueqiang Cheng, … Yi ZouIEEE Transactions on Information Forensics and Security2021

Virtualization detection strategies and their outcomes in public clouds

B. Asvija, R. Eswari, M. B. Bijoy2017 IEEE Asia Pacific Conference on Postgraduate Research in Microelectronics and Electronics (PrimeAsia)2017

Supplemental Presentations

PRESENTATION SLIDES

Where am I ? Operating System and Virtualization Identification Without System Calls

Tables from this paper.

Tables

BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments

L. Yan, B. Price, +10 authors C. Wood
Computer Science
2018

1

Detecting Hardware-Assisted Virtualization With Inconspicuous Features

Zhi Zhang, Yueqiang Cheng, Yansong Gao, S. Nepal, D. Liu, Yi Zou
Computer Science
2021

1

Virtualization detection strategies and their outcomes in public clouds

B. Asvija, R. Eswari, M. B. Bijoy
Computer Science
2017

1

BP : DECREE : A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments The DECREE Team

2018

References

Publications referenced by this paper.

SHOWING 1-9 OF 9 REFERENCES

QEMU, a Fast and Portable Dynamic Translator

F. Bellard
Computer Science
2005

2,227
PDF

Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor

John Scott Robin, C. Irvine
Computer Science
2000

325
PDF

Dune: Safe User-level Access to Privileged CPU Features

Adam Belay, Andrea Bittau, A. Mashtizadeh, David Terei, David Mazières, C. Kozyrakis
Computer Science
2012

203
PDF

Jails: confining the omnipotent root

Peter van der Kamp, R. Watson
Computer Science
2000

299
PDF

p0f — passive os ngerprinting

2000

Further Down the VM Spiral: Detection of full and partial emulation for IA-32 virtual machines

2006

Red Pill... or how to detect VMM using (almost) one CPU instruction

2004

ScoopyNG - e VMware detection tool

2008

jerry – A(nother) VMware Fingerprinter

2003