TY - GEN
T1 - On the impossibility of detecting Virtual Machine monitors
AU - Gueron, Shay
AU - Seifert, Jean Pierre
PY - 2009
Y1 - 2009
N2 - Virtualization based upon Virtual Machines is a central building block of Trusted Computing, and it is believed to offer isolation and confinement of privileged instructions among other security benefits. However, it is not necessarily bullet-proof - some recent publications have shown that Virtual Machine technology could potentially allow the installation of undetectable malware root kits. As a result, it was suggested that such virtualization attacks could be mitigated by checking if a threatened system runs in a virtualized or in a native environment. This naturally raises the following problem: Can a program determine whether it is running in a virtualized environment, or in a native machine environment? We prove here that, under a classical VM model, this problem is not decidable. Further, although our result seems to be quite theoretic, we also show that it has practical implications on related virtualization problems.
UR - http://www.scopus.com/inward/record.url?scp=84875154228&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-01244-0_13
DO - 10.1007/978-3-642-01244-0_13
M3 - Conference contribution
AN - SCOPUS:84875154228
SN - 9783642012433
T3 - IFIP Advances in Information and Communication Technology
SP - 143
EP - 151
BT - Emerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings
A2 - Gritzalis, Dimitris
A2 - Lopez, Javier
PB - Springer New York LLC
T2 - 24th IFIP TC11 International Information Security Conference, SEC 2009
Y2 - 18 May 2009 through 20 May 2009
ER -