Compatibility is Not Transparency: VMM Detection Myths and Realities
Andrew Warfield ,
In the 11th Workshop on Hot Topics in Operating Systems (HOTOS-X).
Recent work on applications ranging from realistic honeypots to
stealthier rootkits has speculated about building
transparent VMMs -- VMMs that are indistinguishable from native
hardware, even to a dedicated adversary. We survey anomalies
between real and virtual hardware and consider methods for detecting
such anomalies, as well as possible countermeasures. We conclude
that building a transparent VMM is fundamentally infeasible, as well
as impractical from a performance and engineering standpoint.