Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

A Technique for Remote Detection of Certain Virtual Machine Monitors

Jämthagen, Christopher LU ; Hell, Martin LU and Smeets, Ben LU (2011) The Third International Conference on Trusted Systems, INTRUST 2011 In Lecture Notes in Computer Science 7222. p.129-137
Abstract
The ability to detect a virtualized environment has both malicious and non-malicious uses. This paper reveals a new exploit and technique that can be used to remotely detect VMware Workstation, VMware Player and VirtualBox. The detection based on this technique can be done completely passively in that there is no need to have access to the remote machine and no network connections are initiated by the verifier. Using only information in the IP packet together with information sent in the user-agent string in an HTTP request, it is shown how to detect that the traffic originates from a guest in VMware Workstation, VMware Player or VirtualBox client. The limitation is that NAT has to be turned on and that the host and guest need to run... (More)
The ability to detect a virtualized environment has both malicious and non-malicious uses. This paper reveals a new exploit and technique that can be used to remotely detect VMware Workstation, VMware Player and VirtualBox. The detection based on this technique can be done completely passively in that there is no need to have access to the remote machine and no network connections are initiated by the verifier. Using only information in the IP packet together with information sent in the user-agent string in an HTTP request, it is shown how to detect that the traffic originates from a guest in VMware Workstation, VMware Player or VirtualBox client. The limitation is that NAT has to be turned on and that the host and guest need to run different operating system families, e.g., Windows/Linux. (Less)
Please use this url to cite or link to this publication:
author
; and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
host publication
Trusted Systems : Third International Conference, INTRUST 2011, Beijing, China, November 27-29, 2011, Revised Selected Papers - Third International Conference, INTRUST 2011, Beijing, China, November 27-29, 2011, Revised Selected Papers
series title
Lecture Notes in Computer Science
volume
7222
pages
129 - 137
publisher
Springer
conference name
The Third International Conference on Trusted Systems, INTRUST 2011
conference dates
2011-11-27 - 2011-11-29
external identifiers
  • scopus:84865687644
ISSN
1611-3349
0302-9743
ISBN
978-3-642-32298-3
978-3-642-32297-6
DOI
10.1007/978-3-642-32298-3_9
language
English
LU publication?
yes
id
8d8571b4-bbd6-4736-8530-1fa8d603746c (old id 2372716)
date added to LUP
2016-04-01 11:08:04
date last changed
2021-02-17 06:28:12
@inbook{8d8571b4-bbd6-4736-8530-1fa8d603746c,
  abstract     = {The ability to detect a virtualized environment has both malicious and non-malicious uses. This paper reveals a new exploit and technique that can be used to remotely detect VMware Workstation, VMware Player and VirtualBox. The detection based on this technique can be done completely passively in that there is no need to have access to the remote machine and no network connections are initiated by the verifier. Using only information in the IP packet together with information sent in the user-agent string in an HTTP request, it is shown how to detect that the traffic originates from a guest in VMware Workstation, VMware Player or VirtualBox client. The limitation is that NAT has to be turned on and that the host and guest need to run different operating system families, e.g., Windows/Linux.},
  author       = {Jämthagen, Christopher and Hell, Martin and Smeets, Ben},
  booktitle    = {Trusted Systems : Third International Conference, INTRUST 2011, Beijing, China, November 27-29, 2011, Revised Selected Papers},
  isbn         = {978-3-642-32298-3},
  issn         = {1611-3349},
  language     = {eng},
  pages        = {129--137},
  publisher    = {Springer},
  series       = {Lecture Notes in Computer Science},
  title        = {A Technique for Remote Detection of Certain Virtual Machine Monitors},
  url          = {http://dx.doi.org/10.1007/978-3-642-32298-3_9},
  doi          = {10.1007/978-3-642-32298-3_9},
  volume       = {7222},
  year         = {2011},
}