Attacks on More Virtual Machine Emulators
Abstract
As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper describes known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). This paper also demonstrates newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, Sandbox, VirtualBox, and CWSandbox), and describes how to defend against them.
Index Terms: Hardware-assisted, Hypervisor, Paravirtualization, Virtual Machine
Similar resources
Attacks on Virtual Machine Emulators
As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper describes known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). This paper also demonstrates newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, and Xen), and describes how to defend again...
Automatic generation of machine emulators: Efficient synthesis of robust virtual machines for legacy software migration
As older mainframe architectures become obsolete, the corresponding legacy software is increasingly executed via platform emulators running on top of more modern commodity hardware. These emulators are virtual machines that often include a combination of interpreters and just-in-time compilers. Implementing interpreters and compilers for each combination of emulated and target platform independ...
Detecting System Emulators
Malware analysis is the process of determining the behavior and purpose of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques and removal tools. Security companies typically analyze unknown malware samples using simulated system environments (such as virtual machines or emulators). The reason is ...
NoSE - building virtual honeynets made easy
We developed a system called Network Simulation Environment (NoSE) to simulate arbitrary network environments on a single Linux machine. NoSE provides a GUI and a management daemon that is capable of generating a complex network containing virtual hosts and switches with just a few clicks. Different virtual machines and network configurations can be archived in a library for later reuse. NoSE i...
A fistful of red-pills: How to automatically generate procedures to detect CPU emulators
Malware includes several protections to complicate their analysis: the longer it takes to analyze a new malware sample, the longer the sample survives and the larger number of systems it compromises. Nowadays, new malware samples are analyzed dynamically using virtual environments (e.g., emulators, virtual machines, or debuggers). Therefore, malware incorporate a variety of tests to detect whet...