VMM detection using privilege rings and benchmark execution times Online publication date: Tue, 13-Aug-2013
by Mohsen Sharifi; Hadi Salimi; Alireza Saberi; Joobin Gharibshah
International Journal of Communication Networks and Distributed Systems (IJCNDS), Vol. 11, No. 3, 2013
Abstract: This paper proposes two complementary virtual machine monitor (VMM) detection methods. These methods can be used to detect any VMM that is designed for ×86 architecture. The first method works by finding probable discrepancies in hardware privilege levels of the guest operating system's kernel on which user applications run. The second method works by measuring the execution times of a set of benchmark programs and comparing them with the stored execution times of the same programmes previously ran on a trusted physical machine. Unlike other methods, our proportional execution time technique could not be easily thwarted by VMMs. In addition, using proportional execution times, there is no need for a trusted external source of time during detection. It is shown experimentally that the deployment of both methods together can detect the existence of four renowned VMMs, namely, Xen, VirtualBox, VMware, and Parallels, on both types of processors that support virtualisation technology (VT-enabled) or do not support it (VT-disabled).
Online publication date: Tue, 13-Aug-2013
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Communication Networks and Distributed Systems (IJCNDS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email firstname.lastname@example.org