Abstract
Virtualization based upon Virtual Machines is a central building block of Trusted Computing, and it is believed to offer isolation and confinement of privileged instructions among other security benefits. However, it is not necessarily bullet-proof — some recent publications have shown that Virtual Machine technology could potentially allow the installation of undetectable malware root kits. As a result, it was suggested that such virtualization attacks could be mitigated by checking if a threatened system runs in a virtualized or in a native environment. This naturally raises the following problem: Can a program determine whether it is running in a virtualized environment, or in a native machine environment? We prove here that, under a classical VM model, this problem is not decidable. Further, although our result seems to be quite theoretic, we also show that it has practical implications on related virtualization problems.
Chapter PDF
Similar content being viewed by others
Keywords
- Virtual Machine
- Virtualized Environment
- Trust Computing
- Virtual Machine Migration
- Virtual Machine Monitor
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Advanced Micro Devices, Pacifica — AMD Secure Virtual Machine Architecture Reference Manual, AMD (2005)
Attanasio, C.R.: Virtual Machines and Data Security. In: Proceedings of the Workshop on Virtual Computer Systems, pp. 206–209 (1973)
Bernstein, D.J.: Cache-timing attacks on AES, 37 pages (2005), http://cr.yp.to/papers.html/cachetiming
Bishop, M.: Computer Security: Art and Science. Addison Wesley Professional, Reading (2003)
Carpenter, M., Liston, T., Skoudis, E.: Hiding Virtualization from Attackers and Malware. IEEE Security and Privacy 5(3), 62–65 (2007)
Chen, Y., England, P., Peinado, M., Willman, B.: High Assurance Computing on Open Hardware Architectures, Microsoft Technical Report, MSR-TR-2003-20 (March 2003)
Cohen, F.B.: Computer Viruses: Theory and Experiments. Computers and Security 6, 22–35 (1987)
Dignan, L.: Virtualization: What are the security risks? ZDNet.com (January 22, 2008)
Dinda, P.A.: Addressing the trust asymmetry problem in grid computing with encrypted computation. In: Proceedings of the 7th Workshop on Languages, Compilers, and Run-time support for scalable systems, pp. 1–7 (2004)
England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A Trusted Open Platform. IEEE Computer 36(7), 55–62 (2003)
Ferrie, P.: Attacks on Virtual Machine Emulators. In: AVAR 2006, Auckland, New Zealand, December 3-5 (2006)
Franklin, J., Luk, M., McCune, J., Seshadri, A., Perrig, A., van Doorn, L.: Remote Virtual Machine Monitor Detection. In: ARO-DARPA-DHS Special Workshop on Botnets, Arlington, VA (June 2006)
Franklin, J., Luk, M., McCune, J., Seshadri, A., Perrig, A., van Doorn, L.: Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking. ACM SIGOPS Operating System Review (Special Issue on Computer Forensics) (April 2008)
Franklin, J., Luk, M., McCune, J., Seshadri, A., Perrig, A., van Doorn, L.: Towards Sound Detection of Virtual Machines. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection: Countering the Largest Security Threat, November 2007. Springer, Heidelberg (2007)
Galli, P.: Microsoft puts IE enhancements of fast track. Interview with Bill Gates in eWeek 22(18) (2006)
Garfinkel, T., Adams, K., Warfield, A., Franklin, J.: Compatibility is Not Transparency: VMM Detection Myths and Realities. In: Proceedings of the 11th Workshop on Hot Topics in Operating Systems (HotOS-XI), (May 2007)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (2003)
Garfinkel, T., Rosenblum, M.: A virtual machine introspection-based architecture for intrusion detection. In: Proceedings of the 2003 Network and Distributed Systems Symposium (NDSS 2003) (2003)
Ghodke, N., Figueiredo, R.J.: On the Implications of Machine Virtualization for DRM and Fair Use: A Case Study of a Virtual Audio Device Driver. In: Proceedings of 4th ACM DRM Workshop (2004)
Goldberg, R.P.: Architecture of virtual machines. In: Proceedings of the Workshop on Virtual Computer Systems, pp. 74–112 (1973)
Goldberg, R.P.: Survey of virtual machine research. IEEE Computer Magazine 7, 34–45 (1974)
Goldreich, O., Rosenberg, A.L., Selman, A.L. (eds.): Theoretical Computer Science. LNCS, vol. 3895. Springer, Heidelberg (2006)
Grawrock, D.: The Intel Safer Computing Initiative: Building Blocks for Trusted Computing. Intel Press (2006)
Hopcroft, J.E., Ullman, J.D.: Introduction to Automata Theory, Languages, and Computation. Addison-Wesley Publishing Company, Reading (1979)
Karger, P., Zurko, M.E., Bonin, D.W., Mason, A.H., Kahn, C.E.: A VMM security kernel for the VAX architecture. In: Proceedings of the 1990 IEEE Symposium on Security and Privacy, pp. 2–19 (1990)
Karger, P., Zurko, M.E., Bonin, D.W., Mason, A.H., Kahn, C.E.: A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering 17(11), 1147–1165 (1991)
King, S.T., Chen, P.M., Wang, Y.-M., Verbowski, C., Wang, H.J., Lorch, J.R.: SubVirt: Implementing malware with virtual machines. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)
King, S.T., Smith, S.W.: Virtualization and Security: Back to the Future. IEEE Security & Privacy 6(5), 15 (2008)
Lampson, B.W.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)
Lauraoux, C.: Detecting virtual machines (manuscript), cedric.lauradoux@inria.fr
Madnick, S.E., Donovan, J.J.: Application and analysis of the virtual machine approach to information system security and isolation. In: Proceedings of the Workshop on Virtual Computer Systems, pp. 210–224 (1973)
Microsoft, CPU Virtualization Extensions: Analysis of Rootkit Issues (October 2006), http://www.microsoft.com/whdc/system/platform/virtual/CPUVirtExt.mspx
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and Countermeasures: the Case of AES, Cryptology ePrint Archive, Report 2005/271 (2005)
Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Englewood Cliffs (2002)
Percival, C.: Cache missing for fun and profit. In: Proc. of BSDCan 2005, Ottawa (manuscript, 2005), http://www.daemonology.net
Pfleeger, C.P., Lawrence Pfleeger, S.: Security in Computing, 3rd edn. Prentice Hall PTR, Englewood Cliffs (2002)
Popek, G., Goldberg, R.: Formal Requirements for Virtualizable Third Generation Architectures. Communications of the ACM 17(7), 412–421
Rogers, J.: Virtualization Is Key to Disaster Recovery, Byte and Switch News (September 11, 2007)
Rutkowska, J.: Subverting VistaTM Kernel For Fun And Profit. In: SyScan 2006, July 21st, Singapore, and Black Hat Briefings, August 3rd, Las Vegas (2006)
Silberschatz, A., Gagne, G., Galvin, P.B.: Operating system concepts, 7th edn. John Wiley and Sons, Chichester (2005)
Robin, J.S., Irvine, C.E.: Analysis of the Intel Pentium’s Ability to Support a Secure Virtual Machine Monito. In: Proceedings of the 9th Usenix Security Symposium, pp. 129–144 (2000)
Sibert, O., Porras, P.A., Lindell, R.: The Intel 80x86 Processor Architecture: Pitfalls for Secure Systems. In: 1995 IEEE Symposium on Security and Privacy, pp. 211–223 (1995)
Smith, J., Nair, R.: Virtual Machines: Versatile Platforms for Systems and Proccesses. Elsevier Press, Amsterdam (2005)
Trusted Computing Group, http://www.trustedcomputinggroup.org
Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C.M., Anderson, A.V., Bennett, S.M., Kagi, A., Leung, F.H., Smith, L.: Intel Virtualization Technology. Computer 38(5), 48–56 (2005)
Dai Zovi, D.A.: Hardware Virtualization Rootkits. In: Black Hat Briefings 2006, Las Vegas, August 3 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gueron, S., Seifert, JP. (2009). On the Impossibility of Detecting Virtual Machine Monitors. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-01244-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer ScienceComputer Science (R0)