• Corpus ID: 198909028

Where am I ? Operating System and Virtualization Identification Without System Calls

@inproceedings{Wright2017WhereAI,
  title={Where am I ? Operating System and Virtualization Identification Without System Calls},
  author={Jason L. Wright},
  year={2017}
}
Operating systems provide a wealth of versioning information via system calls, but suppose one is given control of the instruction pointer and allowed to jump to a provided block of code. Is it possible to identify the operating system and other key con€guration details (bit width, virtualization environment, etc.) without resorting to system calls? We show that a host can be €ngerprinted without tripping over the easiest and most commonly monitored behavioral characteristics of applications… 
thought.net
5 Citations
Background Citations
4

Tables from this paper

5 Citations

BP: DECREE: A Platform for Repeatable and Reproducible Security Experiments
TLDR
The challenges, trade-offs, lessons learned and the solutions (e.g., use a restricted instruction set) in creating DECREE, a repeatable and reproducible computing environment are detailed in this paper.
BP : DECREE : A Platform and Benchmark Corpus for Repeatable and Reproducible Security Experiments The DECREE Team
  • Computer Science
  • 2018
TLDR
The challenges, trade-offs, lessons learned and the solutions (e.g., use a restricted instruction set) in creating DECREE, a repeatable and reproducible computing environment are detailed in this paper.
Detecting Hardware-Assisted Virtualization With Inconspicuous Features
TLDR
Three new identified low-level inconspicuous features are showcased, which can be leveraged by an unprivileged adversary to effectively and stealthily detect the hardware-assisted virtualization.
Virtualization detection strategies and their outcomes in public clouds
  • B. AsvijaR. EswariM. B. Bijoy
  • Computer Science
    2017 IEEE Asia Pacific Conference on Postgraduate Research in Microelectronics and Electronics (PrimeAsia)
  • 2017
TLDR
This paper shows how the three popular public clouds namely the Amazon EC2, Google Computing Engine and the Microsoft Azure clouds are vulnerable to virtualization detection and proposes and demonstrates a new approach for detecting virtualization, based on the location and size of the descriptor tables.
Security in hardware assisted virtualization for cloud computing - State of the art issues and challenges

References

SHOWING 1-9 OF 9 REFERENCES
Dune: Safe User-level Access to Privileged CPU Features
TLDR
This work uses Dune to implement three user-level applications that can benefit from access to privileged hardware: a sandbox for untrusted code, a privilege separation facility, and a garbage collector, and greatly simplifies the implementation of these applications and provides significant performance advantages.
QEMU, a Fast and Portable Dynamic Translator
  • Fabrice Bellard
  • Computer Science
    USENIX Annual Technical Conference, FREENIX Track
  • 2005
TLDR
QEMU supports full system emulation in which a complete and unmodified operating system is run in a virtual machine and Linux user mode emulation where a Linux process compiled for one target CPU can be run on another CPU.
Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
TLDR
An analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM.
Jails: confining the omnipotent root
TLDR
In Jail, users with pri vilege find that the scope of their requests is limited to the jail, and system administrators are required to dele gate management capabilities for each virtual machine en viro ment.
p0f — passive os €ngerprinting
  • hŠp:
  • 2000
jerry – A(nother) VMware Fingerprinter
  • 2003
Further Down the VM Spiral: Detection of full and partial emulation for IA-32 virtual machines
  • DEFCON
  • 2006
Red Pill... or how to detect VMM using (almost) one CPU instruction
  • hŠps://web.archive.org/web/
  • 2004
ScoopyNG - Œe VMware detection tool
  • 2008