Attacks on Virtual Machines
<p>At <a href="http://aavar.org">AVAR 2006</a>, I presented a paper which discussed ways in which virtual machines are vulnerable to detection and, in some cases, forced hangs or crashes.</p>
<p>The paper briefly discusses the two major types of virtual machines ("hardware-bound" and "pure software") and the two hardware-bound subtypes ("hardware-assisted" and "reduced-privilege guest"). The focus of the paper is the different ways in which various virtual machines can be detected. There are detections for VMware, VirtualPC, Parallels, Bochs, Hydra (though the published methods have since been fixed), QEMU, Atlantis and Sandbox, along with lots of source code.</p>
<p>The slides from the talk are also available, but without the commentary, they're not quite as interesting. The paper is available from <a href="http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf">here</a>. The slides are available from <a href="http://pferrie.tripod.com/papers/attacks.ppt">here</a>.</p>
http://www.symantec.com/enterprise/security_response/weblog/2007/01/attacks_on_virtual_machines.html
http://www.symantec.com/enterprise/security_response/weblog/2007/01/attacks_on_virtual_machines.html
Wed, 24 Jan 2007 06:30:00 -0800
Linear Mode
