Using Memory Map Timings to Discover Information Leakage to a Live VM from the Hypervisor

Author

Marken, Brandon ; Hay, Brian

Author_Institution

Dept. of Comput. Sci., Univ. of Alaska Fairbanks, Fairbanks, AK, USA

fYear

2014

fDate

June 27 2014-July 2 2014

Firstpage

Lastpage

Abstract

In this paper we present a technique for detecting information leaked from the hypervisor to the guest OS via statistical analysis of the amount of time required to map and unmap a page in memory. Analysis of these timings allows a guest to determine the number of co-located VMs on the same physical hardware as well as determine whether or not the VM is being monitored by Virtual Machine Introspection.

Keywords

operating systems (computers); paged storage; statistical analysis; virtual machines; colocated VM; guest OS; hypervisor; information leakage detection; memory map timing; page mapping; page unmapping; statistical analysis; virtual machine introspection; Hardware; Kernel; Monitoring; Timing; Virtual machine monitors; Virtual machining; Virtualization; Virtualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Services (SERVICES), 2014 IEEE World Congress on

Conference_Location

Anchorage, AK

Print_ISBN

978-1-4799-5068-3

Type

conf

DOI

10.1109/SERVICES.2014.18

Filename

6903242

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=243652