Title :
CBD: A Counter-Based Detection Method for VMM in Hardware Virtualization Technology
Author :
Jian, Ning ; Huaimin, Wang ; Shize, Guo ; Bo, Liu
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China
Abstract :
VMM detection technology plays increasingly vital role in the detection of malicious codes which hide themselves inside the VMM. However, the adoption of hardware virtualization technology has led to the failure of those traditional detection methods which mainly focus their attention on logic, resources and timing discrepancies between physical hardware and virtualized hardware. Based on this, a novel counter-based detection (CBD) method is proposed in this paper. It establishes a benchmark thread in the user mode while counting the number of privileged instructions´ execution times. The VMM´s presence is detected by the discrepancy between the actual execution times and theoretic execution times of the privileged instruction. Evaluation test shows that this method is feasible for the detection of both Normal and Anti-time VMM and is currently free of specific anti-detection methods.
Keywords :
virtual machines; CBD method; VMM detection technology; antitime VMM; benchmark thread; counter based detection method; hardware visualization technology; normal VMM; physical hardware; specific antidetection method; virtualized hardware; Computer architecture; Hardware; Operating systems; Radiation detectors; Timing; Virtual machining; Counter-Based Detection; Hardware Virtualization Technology; Virtual Machine Monitor;
Conference_Titel :
Pervasive Computing Signal Processing and Applications (PCSPA), 2010 First International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4244-8043-2
Electronic_ISBN :
978-0-7695-4180-8
DOI :
10.1109/PCSPA.2010.92
