On the impossibility of detecting Virtual Machine monitors

Shay Gueron, Jean Pierre Seifert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Virtualization based upon Virtual Machines is a central building block of Trusted Computing, and it is believed to offer isolation and confinement of privileged instructions among other security benefits. However, it is not necessarily bullet-proof - some recent publications have shown that Virtual Machine technology could potentially allow the installation of undetectable malware root kits. As a result, it was suggested that such virtualization attacks could be mitigated by checking if a threatened system runs in a virtualized or in a native environment. This naturally raises the following problem: Can a program determine whether it is running in a virtualized environment, or in a native machine environment? We prove here that, under a classical VM model, this problem is not decidable. Further, although our result seems to be quite theoretic, we also show that it has practical implications on related virtualization problems.

Original languageEnglish
Title of host publicationEmerging Challenges for Security, Privacy and Trust - 24th IFIP TC 11 International Information Security Conference, SEC 2009, Proceedings
EditorsDimitris Gritzalis, Javier Lopez
PublisherSpringer New York LLC
Number of pages9
ISBN (Print)9783642012433
StatePublished - 2009
Event24th IFIP TC11 International Information Security Conference, SEC 2009 - Pafos, Cyprus
Duration: 18 May 200920 May 2009

Publication series

NameIFIP Advances in Information and Communication Technology
ISSN (Print)1868-4238


Conference24th IFIP TC11 International Information Security Conference, SEC 2009

ASJC Scopus subject areas

  • Information Systems and Management


Dive into the research topics of 'On the impossibility of detecting Virtual Machine monitors'. Together they form a unique fingerprint.

Cite this