qemu-devel

From: Anthony Liguori
Subject: [Qemu-devel] Re: Have any ideas about how to detect whether a program is running inside QEMU?
Date: Thu, 06 Jul 2006 19:06:31 -0500
User-agent: Pan/0.14.2.91 (As She Crawled Across the Table (Debian GNU/Linux))

On Thu, 06 Jul 2006 16:46:40 -0400, Daniel Serpell wrote:

> Hi!
> 
> On Thu, Jul 06, 2006 at 03:18:14PM +0800, James Lau wrote:
>> My program is a utility for internet payment. It takes an important role
>> in the payment process to ensure security.  One of the key functions is
>> that the program should detect which machine is paying. So when a virtual
>> machine (like QEMU) is present, it can cheat the program. Checking the
>> hard disk model, CPU type, and other hardware information makes little
>> sense, because the users or the hackers can easily modify this
>> information. So I need a QEMU internal checking method that hackers
>> can't easily bypass.
>> 
>> 
> Well, as others have argued, this is probably worthless.
> 
> But there is a way to detect virtual machines under x86, see
> http://invisiblethings.org/papers/redpill.html

This is an utterly silly way of doing this.  For starters, it depends on
your OS and where the monitor hides itself.  There is no reason the
monitor couldn't choose a lower address (assuming user-mode emulation). 
Also, it's totally useless when QEMU is doing full emulation (or if
hardware virtualization is present).

The only general way of doing this is to exploit timing differences
between the host and guest.  Pioneer[1] is a good example of this although
it only works on non-VT/SVM systems.  If you were exhaustive about timing
all possible exits, you could extend this to a VT/SVM system.

If hardware is available, static or dynamic attestation also addresses
this problem.

[1] http://portal.acm.org/affiliated/citation.cfm?id=1095810.1095812&coll=ACM&dl=ACM&type=series&idx=1095810&part=Proceedings&WantType=Proceedings&title=ACM%20Symposium%20on%20Operating%20Systems%20Principles&CFID=15151515&CFTOKEN=6184618

Regards,

Anthony Liguori

> But if you run qemu without direct instruction copying, it won't work (and
> qemu will run slower), because qemu will correctly emulate the
> unprivileged instructions.
> 
>         Daniel.
