Date: Thu, 06 Jul 2006 12:33:59 +0200
From: Jan Marten Simons
Subject: Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?
To: qemu-devel@nongnu.org
Message-id: <44ACE717.1080801@xtal.rwth-aachen.de>
References: <1152168950.6324.302.camel@aragorn>

James Lau wrote:
> My program is a utility for internet payment. It takes an important
> role in the payment process to ensure security. One of the key
> functions is that the program should detect which machine is paying.
> So while a virtual machine (like QEMU) is present, it can cheat the
> program.

Well, to say it bluntly: Your security concept is flawed, as you cannot assume a client to be trusted. Rethink your concept. A Kerberos 5 like model might help you here.

> Checking the hard disk model, cpu type, and other hardware
> information makes little sense. Because the users or the hackers can
> easily modify this information. So I need a QEMU internal checking
> method that hackers can't easily bypass.

Just for your information: There's a project derived from qemu named 'argos' which tries to set up a high interaction honeypot to fool hackers into revealing their techniques and tools. If they can fool skilled hackers to take the vm for a real system, then your program can be fooled as well.

With regards,
Jan