Corpus ID: 198909028

Where am I ? Operating System and Virtualization Identification Without System Calls

  title={Where am I ? Operating System and Virtualization Identification Without System Calls},
  author={J. L. Wright},
Operating systems provide a wealth of versioning information via system calls, but suppose one is given control of the instruction pointer and allowed to jump to a provided block of code. Is it possible to identify the operating system and other key con€guration details (bit width, virtualization environment, etc.) without resorting to system calls? We show that a host can be €ngerprinted without tripping over the easiest and most commonly monitored behavioral characteristics of applications… Expand

Tables from this paper

BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments
The challenges, trade-offs, lessons learned and the solutions (e.g., use a restricted instruction set) in creating DECREE, a repeatable and reproducible computing environment are detailed in this paper. Expand
BP : DECREE : A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments The DECREE Team
  • 2018
Reproducibility is one of the core tenets of science. Researchers must be able to independently verify scientific theories and research results; practitioners need to able to trust test results andExpand
Detecting Hardware-Assisted Virtualization With Inconspicuous Features
Three new identified low-level inconspicuous features are showcased, which can be leveraged by an unprivileged adversary to effectively and stealthily detect the hardware-assisted virtualization. Expand
Virtualization detection strategies and their outcomes in public clouds
  • B. Asvija, R. Eswari, M. B. Bijoy
  • Computer Science
  • 2017 IEEE Asia Pacific Conference on Postgraduate Research in Microelectronics and Electronics (PrimeAsia)
  • 2017
This paper shows how the three popular public clouds namely the Amazon EC2, Google Computing Engine and the Microsoft Azure clouds are vulnerable to virtualization detection and proposes and demonstrates a new approach for detecting virtualization, based on the location and size of the descriptor tables. Expand


Dune: Safe User-level Access to Privileged CPU Features
This work uses Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector, and greatly simplifies the implementation of these applications and provides significant performance advantages. Expand
QEMU, a Fast and Portable Dynamic Translator
  • Fabrice Bellard
  • Computer Science
  • USENIX Annual Technical Conference, FREENIX Track
  • 2005
QEMU supports full system emulation in which a complete and unmodified operating system is run in a virtual machine and Linux user mode emulation where a Linux process compiled for one target CPU can be run on another CPU. Expand
Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
An analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM. Expand
Jails: confining the omnipotent root
In Jail, users with pri vilege find that the scope of their requests is limited to the jail, and system administrators are required to dele gate management capabilities for each virtual machine en viro ment. Expand
p0f — passive os €ngerprinting
  • hŠp:
  • 2000
ScoopyNG - Œe VMware detection tool
  • 2008
Further Down the VM Spiral: Detection of full and partial emulation for IA-32 virtual machines
  • 2006
Red Pill... or how to detect VMM using (almost) one CPU instruction
  • hŠps://
  • 2004
jerry – A(nother) VMware Fingerprinter
  • 2003