Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Attacks on Virtual Machines

Created: 24 Jan 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:53:14 GMT
Peter Ferrie's picture
0 0 Votes
Login to vote

At AVAR 2006,I presented a paper which discussed ways in which virtual machines arevulnerable to detection and, in some cases, forced hangs or crashes.

The paper briefly discusses the two major types of virtual machines("hardware-bound" and "pure software") and the two hardware-boundsubtypes ("hardware-assisted" and "reduced-privilege guest"). The focusof the paper is the different ways in which various virtual machinescan be detected. There are detections for VMware, VirtualPC, Parallels,Bochs, Hydra (though the published methods have since been fixed),QEMU, Atlantis and Sandbox, along with lots of source code.

The slides from the talk are also available, but without thecommentary, they're not quite as interesting. The paper is availablefrom here. The slides are available from here.