Title | Sandbox Detection Using Hardware Side Channels |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Lusky, Yehonatan; Mendelson, Avi |
Conference Name | 2021 22nd International Symposium on Quality Electronic Design (ISQED) |
Keywords | Anti-VM, Collaboration, composability, Covert Side Channels, Hardware, Malware, malware analysis, Policy Based Governance, pubcrawl, Sandbox Detection, Sandboxing, security, Side Channel Leakage, virtual environments, Virtual machining |
Abstract | A common way to detect malware attacks and avoid their destructive impact on a system is the use of virtual machines, a.k.a. sandboxing. Attackers, on the other hand, strive to detect sandboxes when their software is running under such a virtual environment. Accordingly, they postpone launching any attack (malware) as long as they are operating under such an execution environment. Thus, it is common among malware developers to utilize different sandbox detection techniques (sometimes referred to as Anti-VM or Anti-Virtualization techniques). In this paper, we present novel, side-channel-based techniques to detect sandboxes. We show that it is possible to detect even sandboxes that were properly configured and so far considered to be detection-proof. This paper proposes and implements the first attack which leverages side-channel leakage between sibling logical cores to determine the execution environment. |
DOI | 10.1109/ISQED51717.2021.9424260 |
Citation Key | lusky_sandbox_2021 |