Where am I? Operating System and Virtualization Identification Without System Calls
@inproceedings{Wright2017WhereAI, title={Where am I? Operating System and Virtualization Identification Without System Calls}, author={Jason L. Wright}, year={2017} }
Operating systems provide a wealth of versioning information via system calls, but suppose one is given control of the instruction pointer and allowed to jump to a provided block of code. Is it possible to identify the operating system and other key configuration details (bit width, virtualization environment, etc.) without resorting to system calls? We show that a host can be fingerprinted without tripping over the easiest and most commonly monitored behavioral characteristics of applications…
5 Citations
BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments
- Computer Science, 2018 IEEE Cybersecurity Development (SecDev)
- 2018
The challenges, trade-offs, lessons learned and the solutions (e.g., use a restricted instruction set) in creating DECREE, a repeatable and reproducible computing environment are detailed in this paper.
BP: DECREE: A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments The DECREE Team
- Computer Science
- 2018
The challenges, trade-offs, lessons learned and the solutions (e.g., use a restricted instruction set) in creating DECREE, a repeatable and reproducible computing environment are detailed in this paper.
Detecting Hardware-Assisted Virtualization With Inconspicuous Features
- Computer Science, IEEE Transactions on Information Forensics and Security
- 2021
Three new identified low-level inconspicuous features are showcased, which can be leveraged by an unprivileged adversary to effectively and stealthily detect the hardware-assisted virtualization.
Virtualization detection strategies and their outcomes in public clouds
- Computer Science, 2017 IEEE Asia Pacific Conference on Postgraduate Research in Microelectronics and Electronics (PrimeAsia)
- 2017
This paper shows how the three popular public clouds namely the Amazon EC2, Google Computing Engine and the Microsoft Azure clouds are vulnerable to virtualization detection and proposes and demonstrates a new approach for detecting virtualization, based on the location and size of the descriptor tables.
Security in hardware assisted virtualization for cloud computing - State of the art issues and challenges
- Computer Science, Comput. Networks
- 2019
References
Dune: Safe User-level Access to Privileged CPU Features
- Computer Science, OSDI
- 2012
This work uses Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector, and greatly simplifies the implementation of these applications and provides significant performance advantages.
QEMU, a Fast and Portable Dynamic Translator
- Computer Science, USENIX Annual Technical Conference, FREENIX Track
- 2005
QEMU supports full system emulation in which a complete and unmodified operating system is run in a virtual machine and Linux user mode emulation where a Linux process compiled for one target CPU can be run on another CPU.
Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
- Computer Science, USENIX Security Symposium
- 2000
An analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM.
Jails: confining the omnipotent root
- Computer Science
- 2000
In Jail, users with privilege find that the scope of their requests is limited to the jail, and system administrators are required to delegate management capabilities for each virtual machine environment.
p0f — passive os fingerprinting
- http:
- 2000
jerry – A(nother) VMware Fingerprinter
- 2003
Further Down the VM Spiral: Detection of full and partial emulation for IA-32 virtual machines
- DEFCON
- 2006
Red Pill... or how to detect VMM using (almost) one CPU instruction
- https://web.archive.org/web/
- 2004
ScoopyNG - The VMware detection tool
- 2008