Compatibility is Not Transparency: VMM Detection Myths and Realities

Authors: Tal Garfinkel, Keith Adams, Andrew Warfield , Jason Franklin

In the 11th Workshop on Hot Topics in Operating Systems (HOTOS-X).

Recent work on applications ranging from realistic honeypots to stealthier rootkits has speculated about building transparent VMMs -- VMMs that are indistinguishable from native hardware, even to a dedicated adversary. We survey anomalies between real and virtual hardware and consider methods for detecting such anomalies, as well as possible countermeasures. We conclude that building a transparent VMM is fundamentally infeasible, as well as impractical from a performance and engineering standpoint.

Full paper: [ps] [pdf] [Bibtex Entry]